An endpoint security engineer finds that a newly acquired company has a variety of non-standard applications running and no defined ownership for those applications. The engineer needs to find a solution that restricts malicious programs and software from running in that environment, while allowing the non-standard applications to function without interruption. Which of the following application control configurations should the engineer apply?
Correct Answer: C
Comprehensive and Detailed Step-by-Step

Option A: Deny list
Deny lists block specific applications or processes identified as malicious. This approach is reactive and may inadvertently block the non-standard applications that are currently in use without proper ownership.

Option B: Allow list
Allow lists permit only pre-approved applications to run. While secure, this approach requires defining all non-standard applications, which may disrupt operations in an environment where ownership is unclear.

Option C: Audit mode
Correct Answer. Audit mode allows monitoring and logging of applications without enforcing restrictions. This is ideal in environments with non-standard applications and undefined ownership because it enables the engineer to observe the environment and gradually implement control without interruption. Audit mode provides critical visibility into the software landscape, ensuring that necessary applications remain functional.

Option D: MAC list
Mandatory Access Control (MAC) lists restrict access based on classification and clearance levels. This does not align with application control objectives in this context.

Reference:
CompTIA CASP+ Study Guide - Chapters on Endpoint Security and Application Control.
CASP+ Objective 2.4: Implement appropriate security controls for enterprise endpoints.