Exam SC-100 topic 4 question 27 discussion

Same as Question 23. https://www.examtopics.com/discussions/microsoft/view/99695-exam-sc-100-topic-4-question-23-discussion

D is the answer. https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager prevents malicious code from running by ensuring that only approved code, that you know, can be run. Application Control is a software-based security layer that enforces an explicit list of software that is allowed to run on a PC. On its own, Application Control doesn't have any hardware or firmware prerequisites. Application Control policies deployed with Configuration Manager enable a policy on devices in targeted collections that meet the minimum Windows version and SKU requirements outlined in this article. Optionally, hypervisor-based protection of Application Control policies deployed through Configuration Manager can be enabled through group policy on capable hardware.

Windows Defender Application Control (WDAC) seems better, but I go for D

from ChatGPT: Based on the requirements of ensuring that only authorized applications can run on the virtual machines, and that an unauthorized application is blocked automatically until an administrator authorizes it, the recommended security control to implement is application control policies in Microsoft Defender for Endpoint. Application control policies in Microsoft Defender for Endpoint provide a way to prevent the execution of malicious and unauthorized applications on Windows 10 and Windows Server 2019 machines. Application control policies can be used to block all unknown applications or allow only trusted applications to run. Using application control policies, you can create policies that restrict application execution to a specific set of approved applications. When an unknown application attempts to run, it will be blocked until the administrator approves it. Therefore, the correct answer is D) application control policies in Microsoft Defender for Endpoint.