CompTIA CASP+ (CAS-004) — Question 557
A company wants to improve its active protection capabilities against unknown and zero-day malware. Which of the following is the MOST secure solution?
Answer options
- A. NIDS
- B. Application allow list
- C. Sandbox detonation
- D. Endpoint log collection
- E. HIDS
Correct answer: B
Explanation
The Application allow list is the most secure solution as it permits only pre-approved applications to run, effectively blocking any unrecognized and potentially harmful software, including zero-day malware. In contrast, NIDS and HIDS focus on monitoring and detecting threats rather than preventing them, while sandbox detonation is more reactive, and endpoint log collection does not offer active protection.