CompTIA SecurityX (CAS-005) — Question 168
A company acquires a location with a large infrastructure of legacy devices. Because of the hardware's age and the legacy software's limitations, the OS cannot be upgraded, and the machines cannot be virtualized. These machines are not publicly facing, but they do have internet access. The following controls are currently in place:
• EDR
• Anti-malware
• Logging and monitoring
• Host-based firewall
• Proxied internet access
A security architect needs to supplement the existing control strategy with one that restricts unauthorized software. Which of the following controls should the architect recommend to best supplement the existing environment?
Answer options
- A. SIEM
- B. Isolation
- C. Conditional access
- D. Application control
Correct answer: D
Explanation
Application control is the most effective measure to prevent unauthorized software from executing on the legacy devices because it specifically restricts which applications can run. The other options, while beneficial in their own contexts, do not directly address the need to restrict application execution on these machines: SIEM focuses on security event management, isolation prevents network access, and conditional access relates to user permissions rather than application control.