C. Client application whitelisting
Application whitelisting is mentioned in all three sources. An EDGE NOT CLIENT firewall is also mentioned, but whitelisting is the only consistent method that is listed in the choices.
https://www.sentinelone.com/cybersecurity-101/zero-day-vulnerabilities-attacks/?utm_source=gdn-paid&utm_medium=paid-display&utm_campaign=nam-pmax-brand-ppc&utm_term=&campaign_id=19502097988&ad_id=&gad_source=1&gclid=CjwKCAiAt5euBhB9EiwAdkXWOxoh9lurCyjaFfOjo8GqIopGgHLT7SfgAE7zixwHM7O7G98IKofzfxoCizEQAvD_BwE
https://cybriant.com/how-to-prevent-zero-day-attacks-in-5-steps/
https://www.faronics.com/news/blog/zero-day-vulnerabilities-stop-threat-cant-see-coming
C. Client application whitelisting
The most effective method of defending against zero-day malware threats is typically client application whitelisting. Application whitelisting involves allowing only trusted and approved applications to run on a system while blocking all others. This approach is effective against zero-day threats because it focuses on permitting known, legitimate applications and denies the execution of any unauthorized or unknown software.
"One of the most effective ways to prevent zero-day attacks is deploying a web application firewall (WAF) on the network edge. A WAF reviews all incoming traffic and filters out malicious inputs that might target security vulnerabilities."
https://www.imperva.com/learn/application-security/zero-day-exploit/#:~:text=One%20of%20the%20most%20effective,that%20might%20target%20security%20vulnerabilities.
But A states "client firewall" so that's not correct. C seems the only other option.
"When it comes to preventing zero day threats and new, signatureless, or mutated malware from executing, the most effective method is application whitelisting."
https://www.faronics.com/news/blog/zero-day-vulnerabilities-stop-threat-cant-see-coming
One of the most effective ways to prevent zero-day attacks is deploying a web application firewall (WAF) on the network edge. A WAF reviews all incoming traffic and filters out malicious inputs that might target security vulnerabilities.
Definitely Client Application Whitelisting. Similar question in other exams.
Allowing only specific applications can reduce the risk of zero days. Less attack surface as well.
Antivirus can be signature-based or heuristic. According to this, the heuristic model was specifically designed to spot suspicious characteristics that can be found in unknown, new viruses and modified versions of existing threats as well as known malware samples.
Antivirus works on signatures; a zero day doesn't have one. Logging/monitoring helps accountability. Client whitelisting allows only allowed apps to be installed. Allowed apps may also have a zero-day vulnerability. The only option that makes sense here is "client based firewall." The firewall will only allow specific ports/protocols and block all else. Even if a firewall-allowed port/protocol becomes a vector, this is still by far the best option compared with the other 3.
upvoted 3 times
GuardianAngel (9 months, 2 weeks ago)
Soleandheel (11 months, 1 week ago)
tepes (1 year, 3 months ago)
HughJassole (1 year, 5 months ago)
HappyDay030303 (1 year ago)
aleXplicitly (1 year, 7 months ago)
jackdryan (1 year, 6 months ago)
Delab202 (1 year, 7 months ago)
Goseu (1 year, 8 months ago)
sausageman (1 year, 8 months ago)
ScottUrbina (1 year, 8 months ago)
JohnyDal (1 year, 9 months ago)
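Added example, not part of the original thread: a comparison of the two execution-control models the comments contrast, default-allow signature matching versus default-deny application whitelisting, run over the same set of files. All sample names and byte strings are constructed, and matching on a SHA-256 digest alone is an assumption made to keep the example small.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample "executables": byte strings stand in for file contents.
SAMPLES = {
    "approved_app": b"constructed: approved office suite, build 1",
    "tampered_app": b"constructed: approved office suite, build 1 + injected code",
    "known_malware": b"constructed: old sample with a published signature",
    "zero_day": b"constructed: new sample no vendor has catalogued",
}

# Signature model: digests of samples already known to be bad (default allow).
SIGNATURES = {digest(SAMPLES["known_malware"])}
# Whitelist model: digests of the only binaries approved to run (default deny).
ALLOWLIST = {digest(SAMPLES["approved_app"])}

def signature_verdict(data: bytes) -> str:
    """Block only what is already known; everything else runs."""
    return "block" if digest(data) in SIGNATURES else "allow"

def allowlist_verdict(data: bytes) -> str:
    """Run only what is approved; everything else is blocked."""
    return "allow" if digest(data) in ALLOWLIST else "block"

def compare(samples: dict) -> dict:
    """Map each sample name to (signature verdict, whitelist verdict)."""
    return {name: (signature_verdict(data), allowlist_verdict(data))
            for name, data in samples.items()}

def missed_by_signatures(samples: dict) -> list:
    """Names the signature model lets run but the whitelist stops."""
    return sorted(name for name, (sig, allow) in compare(samples).items()
                  if sig == "allow" and allow == "block")

if __name__ == "__main__":
    for name, (sig, allow) in compare(SAMPLES).items():
        print(f"{name:14} signature={sig:5} whitelist={allow}")
    print("stopped only by the whitelist:", missed_by_signatures(SAMPLES))
    # approved_app is allowed by both models, so a vulnerability inside an
    # approved application is outside what either check decides.
```
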