nerdexam
CompTIA

CV0-003 · Question #431

A cloud-based web proxy is blocking key sites that a business requires for operation. After validation, the sites are legitimate, and access is required for end users to complete their work. Which of

The correct answer is B. Whitelist the URLs.. Whitelisting (allowlisting) specific URLs in a web proxy is the correct way to permit access to validated legitimate sites without disabling security controls entirely.

Security

Question

A cloud-based web proxy is blocking key sites that a business requires for operation. After validation, the sites are legitimate, and access is required for end users to complete their work. Which of the following is the BEST solution to allow access to the sites?

Options

  • AInstruct users to bypass the cloud-based web proxy.
  • BWhitelist the URLs.
  • CBlacklist the URLs.
  • DCreate a security group for those users and enforce MFA.

How the community answered

(35 responses)
  • A
    6% (2)
  • B
    89% (31)
  • C
    3% (1)
  • D
    3% (1)

Why each option

Whitelisting (allowlisting) specific URLs in a web proxy is the correct way to permit access to validated legitimate sites without disabling security controls entirely.

AInstruct users to bypass the cloud-based web proxy.

Instructing users to bypass the proxy removes all filtering protections for those users, creating a broad security gap rather than a targeted exception for specific sites.

BWhitelist the URLs.Correct

Whitelisting the URLs adds the validated legitimate sites to an explicit allow list within the cloud-based web proxy, permitting only those specific destinations while keeping all other proxy filtering rules intact. This is the principle of least-privilege access - granting only the specific access needed. It maintains the security posture of the proxy while resolving the business access requirement.

CBlacklist the URLs.

Blacklisting the URLs would add them to a block list, which further denies access rather than allowing it, achieving the opposite of the desired outcome.

DCreate a security group for those users and enforce MFA.

Creating a security group and enforcing MFA addresses authentication strength but does not resolve the proxy blocking rule that is preventing access to the sites.

Concept tested: URL allowlisting in cloud-based web proxy

Source: https://learn.microsoft.com/en-us/defender-endpoint/web-content-filtering

Topics

#web proxy#URL filtering#whitelist#access control

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice