Which security measure is defined by its ability to highlight what is allowed to run while blocking everything else?

Prepare for the WGU ITAS6291 D488 Cybersecurity Architecture and Engineering exam. Use flashcards and multiple-choice questions, each with explanations and guidance. Master your knowledge and excel in your exam!

The correct answer highlights a security measure known as an "allow list," which specifically permits only pre-approved applications or processes to run on a system. This approach significantly enhances security by ensuring that only trusted software, vetted for safety, can execute, effectively creating a protective barrier against unknown or potentially harmful applications.

In contrast to other security measures, the allow list approach operates on the principle of default denial, meaning that everything not explicitly permitted is blocked. This drastically reduces the attack surface and mitigates risks associated with unapproved software running on the system. Essentially, organizations using this strategy can maintain tighter control over their operational environment, limiting the possibility of malware execution or unauthorized access.

While an antivirus solution is important for detecting known threats, it operates differently by focusing on identifying and neutralizing malicious software rather than strictly blocking everything that is not approved. A block list, conversely, focuses on preventing specific known threats and does not inherently promote a secure baseline like an allow list does. An immutable system serves to protect data integrity by preventing changes to critical components but does not specifically control which software is allowed to execute. Thus, the allow list is the most effective measure in terms of actively controlling application execution based on approved criteria.
