What control would BEST mitigate the risk of unauthorized program changes in a production environment?

The best way to mitigate the risk of unauthorized program changes in a production environment is to periodically calculate hash keys for programs. Hashing creates a unique fingerprint for each program file, and by regularly comparing the current hash values against a known good baseline, it becomes possible to detect any unauthorized changes. This technique provides assurance that the files remain intact and unmodified. If a hash value changes unexpectedly, it signals that the program may have been altered or tampered with, allowing for timely investigations and corrective actions.

While logging commands typed on the command line can help track actions taken by users, it does not prevent unauthorized changes and can be cumbersome to audit effectively. Restricting access to the command line does add a layer of protection but may limit necessary administrative functions, which can compromise system management and troubleshooting abilities. Removing development tools from the production environment might reduce the risk of accidental changes, but it does not address situations where authorized personnel inadvertently introduce changes or malware. Thus, leveraging hash keys provides a proactive and systematic approach to maintaining program integrity in production.