CompTIA CySA+ (CS0-003) — Question 217

A Chief Information Security Officer wants to lock down the users’ ability to change applications that are installed on their Windows systems. Which of the following is the best enterprise-level solution?

Answer options

• A. HIPS
• B. GPO
• C. Registry
• D. DLP

Correct answer: B

Explanation

The best enterprise-level solution is Group Policy Object (GPO) because it allows administrators to enforce specific settings and restrictions on users' workstations, including application installations. HIPS (Host Intrusion Prevention System) focuses on monitoring and protecting against threats rather than managing software installations. The Registry is a database for configuration settings but does not provide the centralized management needed for an enterprise solution, and DLP (Data Loss Prevention) is mainly concerned with data security rather than application management.