101 · Question #522
Which security mode. functions by defining what traffic is allowed and rejecting all other traffic?
The correct answer is D. positive security model. The positive security model uses an allowlist approach, explicitly defining permitted traffic and rejecting everything else by default.
Question
Which security mode. functions by defining what traffic is allowed and rejecting all other traffic?
Options
- Acontext-based access control mode!
- Brole-based access control mode!
- Cnegative security model
- Dpositive security model
How the community answered
(21 responses)- A5% (1)
- B5% (1)
- D90% (19)
Why each option
The positive security model uses an allowlist approach, explicitly defining permitted traffic and rejecting everything else by default.
Context-based access control evaluates traffic dynamically based on session state, source, and destination context, but does not describe the allowlist-versus-denyall filtering philosophy.
Role-based access control restricts system access according to assigned user roles and permissions, which is an identity and authorization concept unrelated to traffic filtering models.
The negative security model is the opposite approach - it defines what is explicitly blocked (a blocklist) and permits all other traffic by default, making it less restrictive than the positive model.
The positive security model operates on an implicit deny-all basis, where only traffic matching a predefined set of allowed rules is permitted to pass. This allowlist philosophy is used in WAFs and firewalls to block all unknown, unlisted, or unexpected traffic by default, providing a strong default-deny security posture.
Concept tested: Positive security model allowlist default-deny filtering
Source: https://owasp.org/www-community/controls/Positive_security_model
Topics
Community Discussion
No community discussion yet for this question.