Which situation indicates application-level white listing?
A. Allow everything and deny specific executable files.
B. Allow specific executable files and deny specific executable files.
C. Writing current application attacks on a whiteboard daily.
D. Allow specific files and deny everything else.
D, “Application whitelisting can be used to stop threats on managed hosts where users are
not able to install or run applications without authorization. For example, let’s imagine
that you manage a kiosk in an airport where users are limited to running a web-based
application. You may want to whitelist that application and prohibit running any
additional applications in the system.” From the CISCO 210-250 Cyber Ops Book
Has to be D, even though other sites show it as B.
https://www.bleepingcomputer.com/tutorials/create-an-application-whitelist-policy-in-windows/#intro
D is the correct.
“A blacklist can identify IP addresses, applications, domains, or URLs to be explicitly denied” and “Whitelisting denies all traffic that is not explicitly permitted.”
in my point of view I think It is D. A whitelist by default only allows whitelisted items and deny the rest of items that are not present in the whitelist.
if i used Windows Server GPO to white list some app , the those only the apps with .exe extenuation that would be run , other apps will not run , so i think files will also include the exe since exe is a file , others might be referred to as documents or pictures or audio , are files but not in the context of white and black listing.
If an entity appears on a whitelist, all traffic to and from that entity is permitted. Any entity that does not appear in the whitelist is denied and not explicitly permitted.
The Cisco Cyber turtorials say that Application Whitelisting/blacklisting accepts/deny resources to entities. it say resources are mapped in the forms IP address, applications, domains, URLs…
so l think D will be able to cover those resources than just saying an executable file…
This is a tricky question. Probably the “application-level” points to “executable files”
Any other thoughts?
every file transfer occurs at the application layer, independent of file type
yes, but when you whitelist, you allow specific ones (apps, domains, etc) and block not defined ones (everything else).
I think B “Allow specific executable files and deny specific executable files. ” is more convenient because D is talking about files, not application executables
…but “B” indicates “and deny specific executable files”, which is not something that is managable
every file transfer occurs at the application layer