Hansy is a security administrator for a large company. Users on his network visit a wide range of websites. He is concerned they might get malware from one of these many websites. Which of the following would be his best approach to mitigate this threat?

The correct answer is to only allow signed components to be loaded in the browser. Code signing is a method of verifying the source of a component, like an ActiveX component, which reduces the likelihood of malware. While host-based antimalware is a valuable precaution, it is not the most effective solution for this particular threat. Blacklists can only identify known infected sites and cannot account for all potentially infected sites. And given that users on Hansy’s network visit a lot of websites, blacklisting is likely to be ineffective. Finally, if you block all active content, many websites will be completely unusable.