A systems administrator needs to implement a stringent application control policy on a server that handles sensitive data. The policy must ensure that only a specific set of pre-approved applications can be executed, and all other applications are blocked by default. Which of the following security controls would be the MOST effective to achieve this goal?
An application allow list is the most effective control because it operates on a 'deny-by-default' principle, permitting only explicitly approved applications to run. This is the most restrictive and secure approach for a sensitive server. An application deny list would block known bad applications but allow all others, which is less secure. Anomaly-based intrusion detection is a detective control that identifies unusual behavior but does not block application execution. Network Access Control (NAC) is a control that restricts device access to the network, not what applications can run on a host.