nerdexam
(ISC)2

CISSP · Question #502

Which of the following technologies would provide the BEST alternative to anti-malware software?

The correct answer is B. Application whitelisting. Application whitelisting is the best alternative to anti-malware because it prevents unauthorized code from executing entirely, rather than detecting known threats after the fact.

Submitted by femi9· Mar 5, 2026Security Architecture and Engineering

Question

Which of the following technologies would provide the BEST alternative to anti-malware software?

Options

  • AHost-based Intrusion Detection Systems (HIDS)
  • BApplication whitelisting
  • CHost-based firewalls
  • DApplication sandboxing

How the community answered

(43 responses)
  • A
    5% (2)
  • B
    81% (35)
  • C
    2% (1)
  • D
    12% (5)

Why each option

Application whitelisting is the best alternative to anti-malware because it prevents unauthorized code from executing entirely, rather than detecting known threats after the fact.

AHost-based Intrusion Detection Systems (HIDS)

HIDS monitors system activity and alerts on suspicious behavior or policy violations, but it is a detection mechanism - it does not inherently prevent malware from executing in the first place.

BApplication whitelistingCorrect

Application whitelisting enforces a policy where only explicitly approved, trusted applications are permitted to execute on a host, blocking all unauthorized or unknown executables by default. This approach is fundamentally superior to traditional anti-malware, which relies on signature databases or heuristics to detect known threats and can miss zero-day or novel malware. By denying execution of anything not on the approved list, whitelisting stops malware before it can run, regardless of whether it is recognized as malicious.

CHost-based firewalls

Host-based firewalls control inbound and outbound network traffic based on rules, but they do not inspect or block the execution of malicious files or code already resident on the host.

DApplication sandboxing

Application sandboxing isolates a running application to limit the damage it can cause, but it still allows the potentially malicious application to execute; it does not prevent the malware from running as whitelisting does.

Concept tested: Application whitelisting as proactive malware prevention control

Source: https://csrc.nist.gov/publications/detail/sp/800-167/final

Topics

#Application whitelisting#anti-malware alternative#endpoint security#preventative controls

Community Discussion

No community discussion yet for this question.

Full CISSP Practice