ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security administrator must protect 150 corporate Windows 10 laptops used by developers who frequently install new open-source tools. Policy requires that each newly downloaded executable be scanned immediately before its first run, that previously unseen (zero-day) malware be detected, and that the solution impose minimal administrative overhead for keeping malware definitions current. Which approach best meets these requirements?
Deploy a cloud-managed next-generation endpoint protection platform that performs on-access scanning with signature and behavior-based detection and retrieves updates automatically from the vendor's service.
Create a PowerShell logon script that downloads the latest antivirus signature (DAT) files each morning and schedules a full disk scan at midnight.
Install a network-based anti-malware proxy to inspect all VPN traffic from the laptops before it reaches internal resources.
Enable AppLocker to allow only Microsoft-signed binaries, blocking execution of all other downloaded files unless manually whitelisted by IT.
A cloud-managed, next-generation endpoint protection (NGAV/EDR) platform performs on-access scanning of every file at execution time. Because it combines signature-based inspection with machine-learning and behavioral analytics, it can identify both known malware and previously unseen (zero-day) threats. The service automatically updates its detection models from the vendor's cloud, eliminating daily manual maintenance. A manual PowerShell update script still relies on signatures and periodic full scans, leaving a window for new threats. A network proxy cannot inspect files executed offline or traffic protected by end-to-end encryption. AppLocker's default-deny approach blocks many legitimate open-source tools and does not provide malware scanning or behavioral analysis. Therefore, the cloud-managed NGAV/EDR solution is the most effective and least burdensome control.
ISC2 Systems Security Certified Practitioner (SSCP)
Systems and Application Security