A security analyst is configuring a large number of new company-issued laptops.
The analyst received the following requirements: -> The devices will be used internationally by staff who travel extensively.
-> Occasional personal use is acceptable due to the travel requirements.
-> Users must be able to install and configure sanctioned programs and productivity suites.
-> The devices must be encrypted.
-> The devices must be capable of operating in low-bandwidth environments.
Which of the following would provide the GREATEST benefit to the security posture of the devices?
A.
Configuring an always-on VPN B.
Implementing application whitelisting C.
Requiring web traffic to pass through the on-premises content filter D.
Setting the antivirus DAT update schedule to weekly.
D.
A security analyst is configuring a large number of new company-issued laptops.
The analyst received the following requirements: -> The devices will be used internationally by staff who travel extensively.
-> Occasional personal use is acceptable due to the travel requirements.
-> Users must be able to install and configure sanctioned programs and productivity suites.
-> The devices must be encrypted.
-> The devices must be capable of operating in low-bandwidth environments.
Which of the following would provide the GREATEST benefit to the security posture of the devices?
A.
Configuring an always-on VPN
B.
Implementing application whitelisting
C.
Requiring web traffic to pass through the on-premises content filter
D.
Setting the antivirus DAT update schedule to weekly.
D.
Out of the given options, the best option that would provide the greatest benefit to the security posture of the laptops is implementing application whitelisting (Option B).
Application whitelisting is a security mechanism that allows only pre-approved applications to run on a device. This means that any unauthorized or potentially malicious software will not be able to execute, even if it manages to infiltrate the system. This makes application whitelisting an effective way to prevent malware infections and other types of cyber-attacks that rely on executing unauthorized software.
In the context of the scenario, implementing application whitelisting would help to ensure that only approved and sanctioned programs and productivity suites can be installed and configured on the laptops. This would prevent users from installing potentially dangerous software, which could compromise the security of the devices and the organization's network.
Moreover, application whitelisting can help to prevent accidental or intentional installation of unauthorized software, which could result in data breaches or other security incidents. This is especially important in the case of laptops used by staff who travel extensively and may connect to unsecured networks or use public Wi-Fi.
While the other options (Configuring an always-on VPN, Requiring web traffic to pass through the on-premises content filter, Setting the antivirus DAT update schedule to weekly) may also provide some security benefits, they do not address the specific requirements and concerns mentioned in the scenario as effectively as implementing application whitelisting.
Configuring an always-on VPN (Option A) would provide secure communication between the laptops and the organization's network, but it would not address the issue of unauthorized software installations or prevent malware infections.
Requiring web traffic to pass through the on-premises content filter (Option C) would help to filter out potentially harmful websites and content, but it would not prevent the installation of unauthorized software or malware that may be downloaded from other sources.
Setting the antivirus DAT update schedule to weekly (Option D) is important for keeping antivirus software up to date and protecting against known threats, but it would not prevent the installation of new or unknown malware, which could be prevented with application whitelisting.
In summary, implementing application whitelisting would provide the greatest benefit to the security posture of the laptops, given the specific requirements and concerns mentioned in the scenario.