Which control uses application allow/block lists to regulate what can be installed on devices?

• A. Self-Encrypting Drive protects data at rest.
• B. Secure Boot prevents unwanted processes from executing during the boot operation.
• C. Trusted Boot/Measured Boot gathers secure metrics.
• D. Application Controls help regulate what can be installed on devices.

Answer: (D)

Application controls regulate what software can be installed or run on devices by using allow lists (whitelists) or block lists (blacklists). This approach enforces policy by only permitting approved applications to be installed or executed, while blocking everything else that isn’t on the approved set. That’s exactly what is described in the scenario: using application allow/block lists to control installation.

Self-Encrypting Drives focus on protecting data at rest, not controlling software installation. Secure Boot prevents unauthorized components from starting up during the boot process, but its primary role is boot integrity for the system rather than managing what software can be installed after boot. Trusted Boot/Measured Boot collects and records measurements of the boot process to detect tampering, not enforce installation policies on the operating system.