CAS-001 Question #477: Real Exam Question with Answer & Explanation
The correct answer is B: Implement an application whitelist at all levels of the organization.
Question
Options
- A. Remove local admin permissions from all users and change anti-virus to a cloud aware, push
- B. Implement an application whitelist at all levels of the organization.
- C. Deploy a network based heuristic IDS, configure all layer 3 switches to feed data to the IDS for
- D. Update router configuration to pass all network traffic through a new proxy server with advanced
Explanation
Application whitelisting is the MOST effective solution. An application whitelist defines an explicit list of approved, trusted applications; any software not on the list is prevented from executing. This is uniquely effective against unrecognized (zero-day or novel) malware because it does not rely on known signatures: it simply blocks anything that isn't pre-approved. Even if malware is delivered to a system, it cannot execute. This directly addresses all three goals: preventing unrecognized infections, reducing detection time (blocked at execution), and minimizing damage (malware never runs).

- Option A (removing local admin + cloud AV) reduces attack surface, but AV is still signature-dependent.
- Option C (heuristic network IDS) detects but may not prevent execution.
- Option D (proxy with content filtering) can block known threats but not all unknown malware, especially if it uses allowed ports and protocols.