CISSP Question #1498: Real Exam Question with Answer & Explanation

Question

Which of the following security tools will ensure authorized data is sent to the application when implementing a cloud based application?

Options

• AHost-based intrusion prevention system (HIPS)
• BAccess control list (ACL)
• CFile integrity monitoring (FIM)
• DData loss prevention (DLP)

Explanation

Access Control Lists (ACLs) enforce authorization rules that determine which traffic or users are permitted to send data to an application, ensuring only authorized data reaches it. This is a foundational network and application security control for cloud-based environments.

Common mistakes.

• A. A Host-based Intrusion Prevention System (HIPS) monitors and blocks suspicious behavior or known attack patterns on an endpoint, but it does not enforce authorization rules that define which data or users are permitted to interact with an application.
• C. File Integrity Monitoring (FIM) detects unauthorized changes to files and system configurations to ensure data integrity at rest, but it does not control or validate whether incoming data sent to an application is from an authorized source.
• D. Data Loss Prevention (DLP) is designed to prevent sensitive data from leaving the organization (data exfiltration), not to control or validate whether inbound data sent to an application is authorized.

Concept tested. Access control enforcement for cloud application data authorization

Reference. https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

No community discussion yet for this question.