Which of the following should a company implement to BEST mitigate from zero-day malicious code
executing on employees’ computers?

A. Least privilege accounts
B. Host-based firewalls
C. Intrusion Detection Systems
D. Application whitelisting
Explanation:
Application whitelisting is a security stance that prohibits software from executing unless it is on a
preapproved list: the whitelist. Any executable not on the whitelist, including malware, is blocked from
running. Because enforcement depends on the list rather than on recognizing the code as malicious, this
helps block zero-day attacks, which are new attacks that exploit flaws or vulnerabilities in targeted
systems and applications that are unknown or undisclosed to the world in general.
Incorrect Answers:
A: Least privilege is a security stance in which users are granted only the minimum access, permissions,
and privileges that they require to accomplish their work tasks. It limits the damage malicious code can do,
but it does not prevent zero-day code from executing.
B: A host-based firewall is designed to protect the host from network-based attacks by using filters to
limit the network traffic that is allowed to enter or leave the host. The action of a filter is to allow,
deny, or log the network packet. Allow lets the packet continue toward its destination. Deny blocks the
packet from going any further and effectively discards it. Log records information about the packet in a
log file. Filters can be based on protocol and ports; they do not control which code executes on the host.
C: Intrusion detection systems (IDSs) are designed to detect suspicious activity based on a database of
known attack signatures. They do not detect zero-day exploits, which are new attacks that exploit flaws or
vulnerabilities in targeted systems and applications that are unknown or undisclosed to the world in
general.