Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
ACL is static and does not understand applications. Cloud services are dynamic, they usual use DNS to reach them. So ACL needs to be update if the Cloud services changes IP. Also if IP is changed, and ACL is not, it could send the correct data to the new IP host address. On top of this how does ACL stops IP spoofing? DLP is at least controlling at contend level which is more appriate, ACL is at the network layer.
In the context of the original question about ensuring that only authorized data is sent to the application, the answer "Data Loss Prevention (DLP)" would be more specific and relevant to ensure that the data being sent complies with security policies and is not . violate specific restrictions. ACL no, it assures that it is a guide to what should be, I think the key word here is "will ensure", I choose C.
I see a lot of folks here going with C. Data loss prevention (DLP) because they are blindly believing Chatgpt answers. C. is the answer chatgpt gives and it's the wrong answer. If you challenge chatgpt to review the question again, it will change it's answer to B. Access control list (ACL). Based on the question, there's no way the answer can possibly be DLP. ACL is the correct answer. 100%.
The question is specifically asking for a tool that ensures authorized data is sent to the application. The correct answer is:
B. Access control list (ACL)
Access control lists (ACLs) are used to specify which users or systems have permission to access specific resources or applications. By configuring ACLs, you can control and restrict access to the application, ensuring that only authorized users or entities can send data to it.
An Access Control List (ACL) is used to define who can access a resource and what operations they can perform once they access it. In the context of ensuring that only authorized data is sent to an application, an ACL can be set up to allow only specific data or requests from authorized sources to reach the application, especially in a cloud-based environment.
ACL controls inbound access/data
DLP does the opposite.
The question talks about data sent to (inbound) the application:
Access Control Lists (ACLs) are a security mechanism used to control access to resources based on user permissions. In the context of a cloud-based application, ACLs can be applied to data and resources to control who can access, modify, or send data to the application.
To ensure that authorized data is sent to the application when implementing a cloud-based application, a data loss prevention (DLP) tool would be most effective. DLP tools are designed to prevent unauthorized access, use, or transmission of sensitive data. They can be used to monitor and control data in transit, and ensure that only authorized users and applications can access and use it.
Clearly in the minority here but DLP doesn't make any sense to me. Verifying data that is being sent to an app really isn't DLP. Leaving the app, it might have made sense.
Access control list (ACL) is a security tool that can ensure authorized data is sent to the application when implementing a cloud-based application. It controls access to network resources by defining rules that specify which users or systems are allowed to access specific resources and what actions they are allowed to perform on those resources.
Data loss prevention (DLP)
Rule-based software that is specialized toward preventing data exfiltration. It operates by recognizing and blocking unauthorized outbound data flows; it can be placed on hosts or network devices.
Answer is C - CISSP Official Study Guide pg 189 - "Network-Based DLP A network-based DLP scans all outgoing data looking for specific data. Administrators place it on the
edge of the network to scan all data leaving the organization. If a user sends out a file containing restricted data, the DLP system will detect it and prevent it from leaving the organization. The DLP system will send an alert, such as an email to an administrator. Cloud-based DLP is a subset of network-based DLP."
An ACL would not do any data security as it's filtering network traffic on Layers 3 and 4 of the OSI model. The question requires you to filter application data so a DLP would be most appropriate.
ACL is a list of permissions associated with a system or resource. It's not exclusive for network traffic. ACL specifies which users or systems processes are granted access to an object as well as what operations are allowed on given objects.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Cww1
Highly Voted 1 year, 7 months agojackdryan
11 months, 1 week agomarziparzi
Most Recent 1 week, 5 days agohoho2000
1 month, 1 week ago629f731
3 months, 1 week ago629f731
3 months, 1 week agoSoleandheel
4 months agoSoleandheel
4 months agoBoyBastos
7 months, 2 weeks agoNanakay
9 months agoDelab202
1 year agoIvanchun
1 year agoMarzie
1 year agoDee83
1 year, 2 months agoDelab202
1 year, 3 months agoRVoigt
1 year, 2 months agoRVoigt
1 year, 1 month agoIXone
1 year, 5 months agoWiDeBarulho
1 year, 5 months agoNickolos
1 year, 4 months agofranbarpro
1 year, 5 months ago