nerdexam
CompTIA

CV0-003 · Question #800

A VDI provider suspects users are installing prohibited software on the instances. Which of the following must be implemented to prevent the issue?

The correct answer is D. System hardening. System hardening restricts user privileges and removes unnecessary capabilities such as the ability to install software, directly preventing prohibited application installation on VDI instances.

Security

Question

A VDI provider suspects users are installing prohibited software on the instances. Which of the following must be implemented to prevent the issue?

Options

  • ALog monitoring
  • BPatch management
  • CVulnerability scanning
  • DSystem hardening

How the community answered

(36 responses)
  • A
    3% (1)
  • B
    6% (2)
  • C
    3% (1)
  • D
    89% (32)

Why each option

System hardening restricts user privileges and removes unnecessary capabilities such as the ability to install software, directly preventing prohibited application installation on VDI instances.

ALog monitoring

Log monitoring can detect that prohibited software was installed but does not prevent the installation from occurring in the first place.

BPatch management

Patch management keeps software up to date to remediate known vulnerabilities, but it does not restrict users from installing unauthorized applications.

CVulnerability scanning

Vulnerability scanning identifies security weaknesses in existing software configurations, but it does not enforce controls that block software installation by users.

DSystem hardeningCorrect

System hardening in a VDI context involves applying least-privilege principles, disabling software installation rights for standard users, and locking down the OS via group policy or configuration management. This proactively blocks the unwanted behavior at the system level rather than detecting it after the fact. Controls such as application whitelisting and restricted user account privileges are core hardening techniques that enforce what software can run or be installed.

Concept tested: VDI endpoint security through system hardening

Source: https://learn.microsoft.com/en-us/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines

Topics

#VDI#system hardening#application control#endpoint security

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice