What control could be used to restrict software installation based on file extension?

Using file extension checks as a control to restrict software installation is effective because it allows the system to validate the type of files being executed or installed. By implementing checks that examine the file extension, administrators can establish rules that permit or deny installation based on whether the file has an approved extension.

For example, if an organization only allows software installations from executables that end in .exe or scripts that end in .bat, the system can automatically block all other file types that do not meet these criteria, thereby reducing the risk of running unauthorized or potentially harmful software.

In the context of the other options, directory monitoring involves tracking changes within specific directories, which may help identify unauthorized software installations but does not inherently prevent them. System permissions manage user access and capabilities within the system but are not specifically focused on controlling file types. User authentication ensures that individuals attempting to install software have the appropriate credentials, but it does not control what types of software can be installed once a user is authenticated.