Exam CAS-004 topic 1 question 175 discussion

I think the answer is B Allow List, Permit List An Allow List also know as a "Permit List" or (deprecated White List) is a list of entities that are considered trustworthy and are granted access or privileges. They can be used to authenticate users managing Firewalls as these IP addressess can be allowed to manage this Firewall. Other times Allow List/Permit List allow users to "permit" certain software (applications) to run on a computer system while all others are blocked.

Signing won't do anything without something to permit and deny based on the signed publisher. I work with application control and I never hear it referred to as "permit listing". I think the answer's wording is bad but I think this is the right choice.

permit only what is allowed = Whitelisting permit listing = Application White listing/Application Control Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

D is the correct answer

D is the correct answer.

Code signing is designed to provide a mechanism by which software can be verified to come from a trusted source. The presence of a code signature does not offer guarantees of code quality as it simply validates the originator. Verifying the originator of software can help measure its trustworthiness and can be used as a means to restrict software from running on a host, for example blocking any unsigned software from running or specifying that only software from a predefined set of signors can be used.

Permit listing or allow list (former whitelist)

D is the correct answer

signing - signed application code From Official Cert Guide- Unsigned applications are code that cannot be verified to be what it purports to be or to be free of malware. While many unsigned applications present absolutely no security issues, most enterprises wisely choose to forbid their installation. MDM software and security settings in the devices themselves can be used to prevent installation of unsigned apps.

D is my answer

Whitelisting is a network security approach that blocks resource access to all but a select few trusted entities. Also referred to as permit lists, allowlists, or passlists, whitelists can contribute to your access control strategy by making highly sensitive resources harder for adversaries to penetrate. - google

Code signing occurs when code creators digitally sign executables and scripts so that the user installing the code can be assured that it comes from the verified author.

They are talking code signing

This answer make no sense and i can't get a valid definition for them. My best guess is permit listing is the same as white listing, if it is then D is the correct answer since is exactly what the question is asking. If someone has some ideas as to what application signing is please share