An organization allows the use of open-source software as long as users perform a file integrity check on the executables and verify the file against hashes of known malware. A user downloads the following files from an open-source website:
After submitting the hashes to the malware registry, the user is alerted that 2f40 3221 33ad 8f34 1032 1adc 13ef 51a4 matches a known malware signature. The organization has been running all of the above software with no known issues. Which of the following actions should the user take and why?
A. Download and run the software but notify the organization's cybersecurity office. The malware registry has a false positive since the software has been running without any issues.
B. Do not run any of the software and notify the organization's cybersecurity office. The open-source website has been compromised, and none of the software can be trusted.
C. Download and run only webserver_82.exe and opendatabase_44.exe and notify the organization's cybersecurity office. Legacy versions of the software have been compromised.
D. Do not run webserver_82.exe and notify the organization's cybersecurity office. The software is malware.
Â
Suggested Answer: D
This question is in SY0-501 Exam
For getting CompTIA Security+ certificate
Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA.
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.
