SY0-501 Question #283: Real Exam Question with Answer & Explanation

Question

A company would like to prevent the use of a known set of applications from being used on company computers. Which of the following should the security administrator implement?

Options

• AWhitelisting
• BAnti-malware
• CApplication hardening
• DBlacklisting
• EDisable removable media

Explanation

To prevent a specific set of known applications from being used on company computers, a security administrator should implement blacklisting.

Common mistakes.

• A. Whitelisting prevents all applications from running unless they are explicitly identified and approved, which is a more restrictive approach than just preventing a 'known set' of unwanted ones.
• B. Anti-malware software primarily detects and quarantines malicious code, which is different from preventing specific legitimate but unwanted applications defined by company policy.
• C. Application hardening focuses on securing an application's configuration and environment to reduce vulnerabilities, not on preventing its execution based on a prohibited list.
• E. Disabling removable media prevents software from being introduced via USB drives, but it does not prevent already installed applications or those distributed via other means from running.

Concept tested. Application control via blacklisting

Reference. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/wdac-design-guide

No community discussion yet for this question.