Why is it risky if you wanted to make an exception to the application policy to allow file sharing software?

The software can shrink attack vectors

The software can normalize log data

The software could disable full disk encryption $($FDE$)$

The software could be infected with malware

What is a defining characteristic of a defense$-$in$-$depth strategy to IT security?

Multiple overlapping layers of defense

Encryption

Strong passwords

Confidentiality

Ideally, an attack surface is

open and defended.

frequently updated.

as large as possible.

as small as possible.