What best practice could have prevented a corporate network from being infected by a malicious application on a flash drive?

Disabling AutoRun is a key best practice for preventing a corporate network from being infected by malicious applications on a flash drive. When AutoRun is enabled, any media such as a USB flash drive can automatically execute executables stored on it as soon as it is plugged into a computer. This feature can quickly lead to the unintentional propagation of malware without any user interaction, making it easier for malicious software to infect systems.

By disabling AutoRun, an organization can ensure that plugged-in flash drives do not automatically launch programs, thereby providing an additional layer of security. This requires users to manually access the contents of the flash drive, giving them an opportunity to inspect files before executing any software, and reducing the risk of malware spreading across the network.

Other practices, such as implementing strong passwords, changing default credentials, or removing guest accounts, focus on securing access controls and user accounts, but they do not specifically address the threat posed by malicious files on external drives. While important for overall security, they do not directly mitigate the risk of malware execution from a USB flash drive, making disabling AutoRun the most effective preventive measure in this context.