CompTIA Security Plus Mock Test Q435

An Information Systems Security Officer (ISSO) has been placed in charge of a classified peer-to-peer network that cannot connect to the Internet. The ISSO can update the antivirus definitions manually, but which of the following steps is MOST important?

A. A full scan must be run on the network after the DAT file is installed.
B. The signatures must have a hash value equal to what is displayed on the vendor site.
C. The definition file must be updated within seven days.
D. All users must be logged off of the network prior to the installation of the definition file.

Correct Answer: B
Section: Compliance and Operational Security

A hash value can be used to uniquely identify secret information. This requires that the hash function is collision resistant, which means that it is very hard to find data that generate the same hash value and thus it means that in hashing two different inputs will not yield the same output. Thus the hash value must be equal to that displayed on the vendor site.

Incorrect Answers:
A: To run a full scan is just important to check the status of your computer insofar as virus infections may be concerned, not the updating of the antivirus definitions when you cannot connect the P2P to the internet.
C: This not a time constraint issue.
D: Logging off of the network is not a requirement to install updates.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 255