
CSCP Exam - Question 56


You have a Microsoft 365 subscription and an Azure subscription. Microsoft 365 Defender and Microsoft Defender for Cloud are enabled.

The Azure subscription contains 50 virtual machines. Each virtual machine runs different applications on Windows Server 2019.

You need to recommend a solution to ensure that only authorized applications can run on the virtual machines. If an unauthorized application attempts to run or be installed, the application must be blocked automatically until an administrator authorizes the application.

Which security control should you recommend?

Correct Answer: D

To ensure that only authorized applications can run on the virtual machines and block any unauthorized application automatically until an administrator authorizes it, the best solution is to use application control policies in Microsoft Defender for Endpoint. These policies allow you to create a list of approved applications and prevent the execution of any applications not on this list, effectively blocking unauthorized applications. This functionality aligns precisely with the requirement of blocking unauthorized applications until they are approved by an administrator.

Discussion

4 comments
CarisB (Option: D)
Oct 23, 2024

Windows Defender Application Control (WDAC) seems better, but I go for D

Nail
Nov 27, 2024

WDAC and app control policies in MDE are one and the same.

zellck
Nov 14, 2024

Same as Question 23. https://www.examtopics.com/discussions/microsoft/view/99695-exam-sc-100-topic-4-question-23-discussion

MaciekMT
Oct 18, 2024

from ChatGPT: Based on the requirements of ensuring that only authorized applications can run on the virtual machines, and that an unauthorized application is blocked automatically until an administrator authorizes it, the recommended security control to implement is application control policies in Microsoft Defender for Endpoint. Application control policies in Microsoft Defender for Endpoint provide a way to prevent the execution of malicious and unauthorized applications on Windows 10 and Windows Server 2019 machines. Application control policies can be used to block all unknown applications or allow only trusted applications to run. Using application control policies, you can create policies that restrict application execution to a specific set of approved applications. When an unknown application attempts to run, it will be blocked until the administrator approves it. Therefore, the correct answer is D) application control policies in Microsoft Defender for Endpoint.

zellck (Option: D)
Nov 14, 2024

D is the answer. https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager prevents malicious code from running by ensuring that only approved code, that you know, can be run. Application Control is a software-based security layer that enforces an explicit list of software that is allowed to run on a PC. On its own, Application Control doesn't have any hardware or firmware prerequisites. Application Control policies deployed with Configuration Manager enable a policy on devices in targeted collections that meet the minimum Windows version and SKU requirements outlined in this article. Optionally, hypervisor-based protection of Application Control policies deployed through Configuration Manager can be enabled through group policy on capable hardware.

Nail
Nov 27, 2024

Why do you have a link for Device Guard? That is protecting you from unsafe websites, not apps.

Nail
Nov 27, 2024

My bad, I was thinking of Application Guard. Device Guard is the old name for WDAC.
