Question

You are implementing a new application control solution. Prior to enforcing your application whitelist, you want to monitor user traffic for a period of time to discover user behaviors and log violations for later review. How should you configure the application control software to handle applications not contained in the whitelist?

Answer 1

Answer: Flag

Step-by-step explanation:

When using an application control solution, it should be noted that the application whitelist is typically centrally defined which is applied to the network devices. In such case, the applications that are contained in the whitelist will be the only one that are allowed.

Therefore, the applications that are not contained in the whitelist should be flagged. This is necessary in order to effectively monitor the user traffic for a period of time in order to discover user behaviors.