A financial services firm is updating its endpoint security strategy for employee workstations. The primary security goal is to prevent the execution of unauthorized software and novel malware, including zero-day exploits, which have bypassed their existing controls. The firm also needs to ensure that the chosen solution does not significantly degrade system performance for its users. Which of the following controls would BEST achieve these objectives?
The correct answer is application whitelisting. Application whitelisting operates on a default-deny principle where only specifically approved applications are allowed to run, making it extremely effective against malware, zero-day attacks, and unauthorized software. It prevents execution of unauthorized code, which is the foundation of most attacks.
Signature-based antivirus is important, but it relies primarily on matching known signatures, so it can miss new or modified threats. Full disk encryption protects data at rest but does not prevent malicious code execution. Host-based firewalls filter network traffic but do not prevent authorized applications from being exploited or from running malicious code that doesn't require network access.
ISC2 CISSP
Communication and Network Security