CV0-003 · Question #800
A VDI provider suspects users are installing prohibited software on the instances. Which of the following must be implemented to prevent the issue?
The correct answer is D. System hardening. System hardening restricts user privileges and removes unnecessary capabilities such as the ability to install software, directly preventing prohibited application installation on VDI instances.
Question
A VDI provider suspects users are installing prohibited software on the instances. Which of the following must be implemented to prevent the issue?
Options
- ALog monitoring
- BPatch management
- CVulnerability scanning
- DSystem hardening
How the community answered
(36 responses)- A3% (1)
- B6% (2)
- C3% (1)
- D89% (32)
Why each option
System hardening restricts user privileges and removes unnecessary capabilities such as the ability to install software, directly preventing prohibited application installation on VDI instances.
Log monitoring can detect that prohibited software was installed but does not prevent the installation from occurring in the first place.
Patch management keeps software up to date to remediate known vulnerabilities, but it does not restrict users from installing unauthorized applications.
Vulnerability scanning identifies security weaknesses in existing software configurations, but it does not enforce controls that block software installation by users.
System hardening in a VDI context involves applying least-privilege principles, disabling software installation rights for standard users, and locking down the OS via group policy or configuration management. This proactively blocks the unwanted behavior at the system level rather than detecting it after the fact. Controls such as application whitelisting and restricted user account privileges are core hardening techniques that enforce what software can run or be installed.
Concept tested: VDI endpoint security through system hardening
Source: https://learn.microsoft.com/en-us/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines
Topics
Community Discussion
No community discussion yet for this question.