A security administrator needs to enhance their organization's defensive posture against targeted malware attacks. The administrator has been tasked with ensuring the new security measure will not impede the productivity of users who require specialized software for their daily tasks. Which of the following would provide the BEST balance between security and usability?
Setting up continuous monitoring of all endpoint behaviors.
Installing advanced endpoint protection on all user endpoints.
Enforcing strict patch management for all installed applications.
Implementing a dynamic application allow list with different trust levels for software.
By employing a dynamic application allow list with trust levels, an organization can balance security and usability. This approach allows for flexibility by setting criteria that applications must meet before they're allowed to execute, such as being signed with a trusted certificate or matching a known good checksum. Trust levels can differentiate between well-known, broadly trusted applications and less common but legitimate software needed for business operations. Regular patch management ensures that only updated versions of software are installed, but by itself does not restrict execution of untrusted applications. Endpoint protection can detect known threats but still permits unknown binaries to run, and continuous monitoring is reactive rather than preventive, so neither provides the proactive execution control of an application allow list.