nerdexam
F5

101 · Question #522

Which security mode. functions by defining what traffic is allowed and rejecting all other traffic?

The correct answer is D. positive security model. The positive security model uses an allowlist approach, explicitly defining permitted traffic and rejecting everything else by default.

Section 4: Security Basics

Question

Which security mode. functions by defining what traffic is allowed and rejecting all other traffic?

Options

  • Acontext-based access control mode!
  • Brole-based access control mode!
  • Cnegative security model
  • Dpositive security model

How the community answered

(21 responses)
  • A
    5% (1)
  • B
    5% (1)
  • D
    90% (19)

Why each option

The positive security model uses an allowlist approach, explicitly defining permitted traffic and rejecting everything else by default.

Acontext-based access control mode!

Context-based access control evaluates traffic dynamically based on session state, source, and destination context, but does not describe the allowlist-versus-denyall filtering philosophy.

Brole-based access control mode!

Role-based access control restricts system access according to assigned user roles and permissions, which is an identity and authorization concept unrelated to traffic filtering models.

Cnegative security model

The negative security model is the opposite approach - it defines what is explicitly blocked (a blocklist) and permits all other traffic by default, making it less restrictive than the positive model.

Dpositive security modelCorrect

The positive security model operates on an implicit deny-all basis, where only traffic matching a predefined set of allowed rules is permitted to pass. This allowlist philosophy is used in WAFs and firewalls to block all unknown, unlisted, or unexpected traffic by default, providing a strong default-deny security posture.

Concept tested: Positive security model allowlist default-deny filtering

Source: https://owasp.org/www-community/controls/Positive_security_model

Topics

#positive security model#negative security model#traffic filtering#access control

Community Discussion

No community discussion yet for this question.

Full 101 Practice