ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
A security team manages several hundred Windows 10 laptops used by developers who frequently update in-house tools. The devices are joined to AWS Managed Microsoft AD and receive Group Policy from domain controllers in Amazon EC2. Today the team enforces application allow-listing with AppLocker using file-hash rules. After every internal software build, many hashes change and legitimate executables are blocked until new rules are manually distributed, creating unacceptable administrative overhead. The team must keep a default-deny posture but allow only the organization's legitimately signed applications to run, even after future updates, while minimizing ongoing maintenance. Which AppLocker rule condition should the team adopt to meet these requirements?
Switch to path rules that permit execution of any file stored in %ProgramFiles% and %SystemRoot% directories.
Keep hash rules but enable automatic hash generation for every new build during software deployment.
Implement network zone rules that allow applications originating from the corporate intranet zone only.
Replace the hash rules with publisher rules that allow any executable signed by the organization's code-signing certificate.
File-hash rules uniquely identify each individual binary, so any recompilation or patch changes the hash and breaks the allow-listing until new rules are created. Switching to publisher-based rules lets AppLocker trust any executable that is digitally signed by a specified software publisher or the organization's own code-signing certificate. As long as future builds are signed with that certificate, new hashes are irrelevant and no additional rule maintenance is required. Path rules are easier to manage than hashes but allow anything placed in the approved directories, which weakens the default-deny posture. Network-zone conditions are not supported in AppLocker (they exist only in legacy Software Restriction Policies). Continuing to rely on automatically regenerated hash rules would not reduce the administrative burden. Therefore, publisher rules are the most appropriate choice.
Systems and Application Security