Question: An organization allows the use of open-source software as long as users perform a file integrity check on the executables and verify the file against
An organization allows the use of open-source software as long as users perform a file integrity check on the executables and verify the file against hashed of known malware. A user downloads the following files from an open-source website:
| FILE NAME | MD5 |
| Webserver_81,exe | 1e39 2210 faeo 6ae4 243f 220d 33da 62e4 |
| Opendatabase_43.exe | 2f36 12e0 123o 52e2 1a3e 10ae 23bb 72a3 |
| Webserver_82.exe | 2f40 3221 33ad 8f34 1032 1ado 13ef 51a4 |
| Opendatabase_44.exe | 2a22 10ao 36ao 7789 10af 12aa 23aa 51e6 |
After submitting the hashes to the malware registry, the user is alerted that 2f40 3221 33ad 8f34 1032 1ado 13ef 51a4 matches a known malware signature. The organization has been running all of the above software with no known issues. Which of the following actions should the user take and why?
- Download and run the software but notify the organizations cybersecurity office. The malware register has a false positive since the software been running without any issues
- Do not run any of the software and notify the organizations cybersecurity office. The open-source website has been compromised and none of the software can be trusted
- Download and run only webserver_82.exe and opendatabase_44 and notify the organizations cybersecurity office. Legacy versions of the software have been compromised
- Do not run webserver_82.exe and notify the organizations cybersecurity office. The software is malware
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts