Repeated unauthorized programs are appearing on workstations. Which method best ensures recognized software is permitted while restricting unapproved applications?
Install a more robust detection tool that flags unexpected processes but allows them
Maintain a verified list of approved executables and enforce their use
Add known malicious items to a blocklist and stop those specific files
Launch a higher permission role so employees can manually remove threats
An allowlist-based approach with a verified inventory assists in blocking unforeseen or harmful programs while letting necessary software function. Blocklists may overlook new or unknown threats. Granting more user permissions does not restrict new processes, and even an advanced detection system that permits flagged processes to continue does not stop them from running. By using an allowlist, only applications that are identified and added to the approved inventory can operate, limiting risk and maintaining control.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an allowlist and how does it work?
Open an interactive chat with Bash
Why is an allowlist more effective than a blocklist?
Open an interactive chat with Bash
How do you maintain an effective allowlist in a dynamic environment?