An Information Systems Security Officer (ISSO) has been placed in charge of a classified peer-to-peer
network that cannot connect to the Internet. The ISSO can update the antivirus definitions manually, but
which of the following steps is MOST important?

A.
A full scan must be run on the network after the DAT file is installed.

B.
The signatures must have a hash value equal to what is displayed on the vendor site.

C.
The definition file must be updated within seven days.

D.
All users must be logged off of the network prior to the installation of the definition file.

Explanation:
A hash value can be used to uniquely identify secret information. This requires that the hash function is
collision resistant, which means that it is very hard to find data that generate the same hash value and
thus it means that in hashing two different inputs will not yield the same output. Thus the hash value
must be equal to that displayed on the vendor site.
Incorrect Answers:
A: To run a full scan is just important to check the status of your computer insofar as virus infections may
be concerned, not the updating of the antivirus definitions when you cannot connect the P2P to the
internet.
C: This not a time constraint issue.
D: Logging off of the network is not a requirement to install updates.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, p. 255