Q: 8
A security team wants to implement compliance controls that only permits the installation of
company-approved software on user laptops. Which of the following should the IT department
deploy?
Options
Discussion
My pick: C, saw a similar question on practice and it was MDM for app control on endpoints.
Makes sense to go with C. MDM lets you lock down what users can install so it matches the compliance need here.
Guessing C . MDM is exactly what lets IT approve or block specific installs, which matches the question. EDR isn't mainly for this, pretty sure compliance policies live in MDM.
C . Had something like this in a mock, MDM lets you enforce install policies for compliance control. Confident it's C.
C tbh, MDM is built for enforcing app install restrictions. EDR (A) might monitor or sometimes block, but it's not its main job. A feels like a trap answer here.
A. but doesn't EDR sometimes block installs if set up right?
I actually think A (EDR) could fit since endpoint detection can sometimes control software installs, not just monitor threats. Maybe that’s too much of a stretch compared to MDM, but I’ve seen EDR trap folks on practice tests before.
Its A here, because EDR solutions can block the installation of unauthorized apps too, not just detect threats. MDM fits but I remember some EDR options actually restrict installs if set strict. Could be missing something though, correct me if I am.
Option C seems right, since MDM actually blocks unapproved app installs and enforces compliance. EDR (A) is more about monitoring threats than controlling installations. Not 100% sure unless they specify OS, but MDM covers most endpoints. Anyone disagree?
A tbh
Be respectful. No spam.
