Valid CAS-005 Dumps shared by ExamDiscuss.com for Helping Passing CAS-005 Exam! ExamDiscuss.com now offer the newest CAS-005 exam dumps, the ExamDiscuss.com CAS-005 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CAS-005 dumps with Test Engine here:
A security engineer is given the following requirements: * An endpoint must only execute Internally signed applications * Administrator accounts cannot install unauthorized software. * Attempts to run unauthorized software must be logged Which of the following best meets these requirements?
Correct Answer: D
To meet the requirements of only allowing internally signed applications, preventing unauthorized software installations, and logging attempts to run unauthorized software, configuring application control with blocked hashes and enterprise-trusted root certificates is the best solution. This approach ensures that only applications signed by trusted certificates are allowed to execute, while all other attempts are blocked and logged. It effectively prevents unauthorized software installations by restricting execution to pre-approved applications. References: * CompTIA SecurityX Study Guide: Describes application control mechanisms and the use of trusted certificates to enforce security policies. * NIST Special Publication 800-53, "Security and Privacy Controls for Information Systems and Organizations": Recommends application whitelisting and execution control for securing endpoints. * "The Application Security Handbook" by Mark Dowd, John McDonald, and Justin Schuh: Covers best practices for implementing application control and managing trusted certificates