A security administrator needs to enhance their organization's defensive posture against targeted malware attacks. The administrator has been tasked with ensuring the new security measure will not impede the productivity of users who require specialized software for their daily tasks. Which of the following would provide the BEST balance between security and usability?
Enforcing strict patch management for all installed applications.
Implementing a dynamic application allow list with different trust levels for software.
Installing advanced endpoint protection on all user endpoints.
Setting up continuous monitoring of all endpoint behaviors.
By employing a dynamic application allow list with trust levels, an organization can balance security and usability. This approach allows for flexibility by setting criteria that applications must meet before they're allowed to execute, such as being signed with a trusted certificate or matching a known-good checksum. Trust levels can differentiate between well-known, broadly trusted applications and less common but legitimate software needed for business operations. Regular patch management ensures that only updated and presumably more secure versions of software are allowed, but by itself does not restrict execution of untrusted applications. Endpoint protection is essential but doesn't specifically control application execution like an allow list does. Continuous monitoring is important for overall security posture but doesn't offer the proactive execution control that an application allow list provides.