Q: 12
[Security Architecture]
Asecuntv administrator is performing a gap assessment against a specific OS benchmark The
benchmark requires the following configurations be applied to endpomts:
• Full disk encryption
* Host-based firewall
• Time synchronization
* Password policies
• Application allow listing
* Zero Trust application access
Which of the following solutions best addresses the requirements? (Select two).
Options
Discussion
C or E. HIDS is tempting for policies and firewall, so maybe C and E are the real intent here?
C and D tbh. E is a common trap since HIDS does policy checks, but only SASE covers Zero Trust app access.
I thought C and E made sense at first look since HIDS could help with firewall and policy checks. But not sure if E really covers Zero Trust app access fully. Pretty sure about C though, could be wrong on E. Anyone see it different?
Option D. but if the org already uses a strong config management platform, C might be redundant.
This question is super clear about mapping requirements to controls. I think C (SCAP) fits since it's meant for config validation and compliance checks like password policies and firewall status. For the Zero Trust/remote access part, D (SASE) makes sense because it covers ZTNA and broader endpoint protections. Open to other views if someone reads it differently though!
Be respectful. No spam.
