CompTIA Security+ (SY0-601) — Question 433

Which of the following would be the best way to block unknown programs from executing?

Answer options

• A. Access control list
• B. Application allow list
• C. Host-based firewall
• D. DLP solution

Correct answer: B

Explanation

The Application allow list specifically permits only known and trusted programs to execute, making it the best choice for blocking unknown applications. In contrast, an Access control list regulates permissions but does not inherently block unknown applications, while a Host-based firewall mainly filters network traffic, and a DLP solution focuses on data protection rather than application execution.