CompTIA Security+ SY0-701 · Simulation Lab
You are the endpoint security analyst at Briarwood Freight, a regional trucking company. To shrink the attack surface, you are switching the Windows fleet from "run anything" to an allowlist: only software that lives in trusted system locations should be allowed to start, and everything else should be blocked by default.
One line-of-business app breaks that simple rule. The dispatch console
RouteDesk.exe runs from C:\LineOfBusiness\RouteDesk\ — outside the
protected system folders — and the Dispatchers team needs it. The vendor,
Larkspur Logistics Software, LLC, also ships updates roughly monthly, and you do
not want to edit policy every time the version number changes.
Working in the Default Domain Policy, complete the three tasks at right.
| Action | User or group | Condition | |
|---|---|---|---|
| This rule collection is empty. Start with Create default rules. | |||
These check themselves as you work the console.
Four questions on how AppLocker behaves. Pick one answer each.
© 2026 <AUTHOR NAME / ORG> · Original clean-room Security+ lab · assignmentId: splus-applocker-allowlist