A support engineer wants to prevent users from running malware on several IaaS compute instances. Which of the following will BEST achieve this objective?
A support engineer wants to prevent users from running malware on several IaaS compute instances. Which of the following will BEST achieve this objective?
Implementing an application whitelisting policy will best achieve the objective of preventing users from running malware on IaaS compute instances. Whitelisting only allows approved and trusted applications to run, thereby blocking any unauthorized or potentially harmful software, including malware, from executing.
Whitelisting policies only allow approved applications to run, which would effectively prevent any unauthorized application from executing, including malware. Option A is not a good solution to prevent users from running malware, as encryption is not designed to prevent users from running malware but to protect data from unauthorized access. Option B can help to limit which applications can run, but it won't prevent users from running malware if the malware is disguised as an approved application. Option D won't be a good solution either as it only restricts access to shared files, not the execution of applications.
C. Implement an application whitelisting policy: Application whitelisting allows only approved and trusted applications to run on the compute instances. This is a proactive approach to security that prevents users from executing any software that is not explicitly permitted, effectively blocking malware from running.