CompTIA Security+ (SY0-501) — Question 414

Which of the following BEST explains why sandboxing is a best practice for testing software from an untrusted vendor prior to an enterprise deployment?

Answer options

• A. It allows the software to run in an unconstrained environment with full network access.
• B. It eliminates the possibility of privilege escalation attacks against the local VM host.
• C. It facilitates the analysis of possible malware by allowing it to run until resources are exhausted.
• D. It restricts the access of the software to a contained logical space and limits possible damage.

Correct answer: D

Explanation

The correct answer, D, highlights that sandboxing creates a secure environment that limits the software's access and potential impact on the system. Option A is incorrect because sandboxing typically restricts, rather than allows, full network access. Option B is misleading as privilege escalation could still occur within a sandboxed environment. Option C misrepresents the purpose of sandboxing, which is not to exhaust resources but to safely analyze software behavior.