CV0-003 · Question #232
A manufacturing company's current security policy mandates PII is not stored in the SaaS solution. Which of the following configuration controls should be used to block sensitive information from bein
The correct answer is B. Implement a network ACL.. A network ACL enforces traffic rules at the network layer that can prevent internal systems from reaching the SaaS solution, blocking any PII from being transmitted to or stored there.
Question
A manufacturing company's current security policy mandates PII is not stored in the SaaS solution. Which of the following configuration controls should be used to block sensitive information from being stored in the SaaS solution?
Options
- AImplement file-level encryption.
- BImplement a network ACL.
- CImplement an IPS.
- DImplement content filtering.
How the community answered
(32 responses)- A6% (2)
- B72% (23)
- C19% (6)
- D3% (1)
Why each option
A network ACL enforces traffic rules at the network layer that can prevent internal systems from reaching the SaaS solution, blocking any PII from being transmitted to or stored there.
File-level encryption protects data at rest but does not prevent PII from being transmitted to or stored in the SaaS solution.
A network ACL can restrict outbound traffic from internal hosts to the SaaS solution's endpoints, ensuring no data, including PII, can be transmitted to or stored in the SaaS environment. This is a network-layer control that enforces the data residency policy independently of user or application behavior. Blocking the network path provides a deterministic enforcement mechanism that does not rely on application-level controls.
An IPS is designed to detect and block malicious or anomalous traffic patterns, not to enforce data classification or residency policies like blocking PII.
Content filtering operates at the application layer and may not be directly integrated or configurable to block data storage within a specific SaaS solution's data flows.
Concept tested: Network access control to enforce data residency policy
Source: https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
Topics
Community Discussion
No community discussion yet for this question.