CV0-002 · Question #232
A manufacturing company's current security policy mandates PII is not stored in the SaaS solution. Which of the following configuration controls should be used to block sensitive information from bein
The correct answer is B. Implement a network ACL.. To prevent PII from being stored in a SaaS solution, a network ACL can be configured to block network access to the SaaS from specific internal networks or user groups known to handle sensitive data.
Question
A manufacturing company's current security policy mandates PII is not stored in the SaaS solution. Which of the following configuration controls should be used to block sensitive information from being stored in the SaaS solution?
Options
- AImplement file-level encryption.
- BImplement a network ACL.
- CImplement an IPS.
- DImplement content filtering.
How the community answered
(43 responses)- A14% (6)
- B77% (33)
- C5% (2)
- D5% (2)
Why each option
To prevent PII from being stored in a SaaS solution, a network ACL can be configured to block network access to the SaaS from specific internal networks or user groups known to handle sensitive data.
File-level encryption protects data that is already stored but does not prevent the initial storage of PII in the SaaS solution as mandated by policy.
A network ACL is a configuration control that permits or denies network traffic based on network parameters. By configuring an ACL to block access to the SaaS solution from specific internal networks or systems that handle PII, the organization can prevent sensitive information from being transferred and stored.
An IPS primarily focuses on detecting and preventing malicious network activity or intrusions, not on inspecting and blocking specific sensitive content like PII during legitimate data transfers to a SaaS solution.
While content filtering inspects data streams for PII and can prevent its transfer, a network ACL provides a more fundamental network-level restriction on access to the SaaS from potential PII sources, acting as a direct configuration control to block any data from those sources.
Concept tested: Network access control for cloud services
Source: https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
Topics
Community Discussion
No community discussion yet for this question.