A. An application control mechanism that uses the cryptographic fingerprint of an executable binary to determine whether it is permitted to run β cannot be bypassed by renaming the file, but requires policy updates on every software version change
B. A logical network segmentation technology that creates isolated broadcast domains on shared physical switching infrastructure using IEEE 802.1Q frame tagging
C. The default action applied when no ACL rule matches an evaluated connection β typically blocks the traffic, enforcing a "deny unless explicitly permitted" security posture
D. An application control policy stance where nothing may execute unless it has been explicitly approved β blocks zero-day and unknown malware by default because they have no entry in the approved list