nerdexam
CompTIA

CV0-003 · Question #232

A manufacturing company's current security policy mandates PII is not stored in the SaaS solution. Which of the following configuration controls should be used to block sensitive information from bein

The correct answer is B. Implement a network ACL.. A network ACL enforces traffic rules at the network layer that can prevent internal systems from reaching the SaaS solution, blocking any PII from being transmitted to or stored there.

Security

Question

A manufacturing company's current security policy mandates PII is not stored in the SaaS solution. Which of the following configuration controls should be used to block sensitive information from being stored in the SaaS solution?

Options

  • AImplement file-level encryption.
  • BImplement a network ACL.
  • CImplement an IPS.
  • DImplement content filtering.

How the community answered

(32 responses)
  • A
    6% (2)
  • B
    72% (23)
  • C
    19% (6)
  • D
    3% (1)

Why each option

A network ACL enforces traffic rules at the network layer that can prevent internal systems from reaching the SaaS solution, blocking any PII from being transmitted to or stored there.

AImplement file-level encryption.

File-level encryption protects data at rest but does not prevent PII from being transmitted to or stored in the SaaS solution.

BImplement a network ACL.Correct

A network ACL can restrict outbound traffic from internal hosts to the SaaS solution's endpoints, ensuring no data, including PII, can be transmitted to or stored in the SaaS environment. This is a network-layer control that enforces the data residency policy independently of user or application behavior. Blocking the network path provides a deterministic enforcement mechanism that does not rely on application-level controls.

CImplement an IPS.

An IPS is designed to detect and block malicious or anomalous traffic patterns, not to enforce data classification or residency policies like blocking PII.

DImplement content filtering.

Content filtering operates at the application layer and may not be directly integrated or configurable to block data storage within a specific SaaS solution's data flows.

Concept tested: Network access control to enforce data residency policy

Source: https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

Topics

#PII protection#SaaS security#network ACL#data governance

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice