From what I understand "sent" means "outbound". DLP can be configured to ensure that only authorized data is sent to and from the application, ensuring that confidential data does not leave the corporate network inappropriately. For inbound data, tools like ACL, firewalls, or IPS are typically more relevant.
How is it DLP? The question is asking how we can ensure that authorized data is sent to the app. Data Loss Prevention doesn't do this...
The only tech that can remotely do this, although not the most effective way, is going to be the ACL based on these answer choices. ACL is the only one that can limit anything going anywhere.
ACL is static and does not understand applications. Cloud services are dynamic; they usually use DNS to reach them. So the ACL needs to be updated if the cloud service changes IP. Also, if the IP is changed and the ACL is not, it could send the correct data to the new IP host address. On top of this, how does an ACL stop IP spoofing? DLP is at least controlling at the content level, which is more appropriate; ACL is at the network layer.
In the context of the original question about ensuring that only authorized data is sent to the application, the answer "Data Loss Prevention (DLP)" would be more specific and relevant to ensure that the data being sent complies with security policies and does not violate specific restrictions. ACL no, it assures that it is a guide to what should be, I think the key word here is "will ensure", I choose C.
I see a lot of folks here going with C. Data loss prevention (DLP) because they are blindly believing ChatGPT answers. C. is the answer ChatGPT gives and it's the wrong answer. If you challenge ChatGPT to review the question again, it will change its answer to B. Access control list (ACL). Based on the question, there's no way the answer can possibly be DLP. ACL is the correct answer. 100%.
The question is specifically asking for a tool that ensures authorized data is sent to the application. The correct answer is:
B. Access control list (ACL)
Access control lists (ACLs) are used to specify which users or systems have permission to access specific resources or applications. By configuring ACLs, you can control and restrict access to the application, ensuring that only authorized users or entities can send data to it.
An Access Control List (ACL) is used to define who can access a resource and what operations they can perform once they access it. In the context of ensuring that only authorized data is sent to an application, an ACL can be set up to allow only specific data or requests from authorized sources to reach the application, especially in a cloud-based environment.
ACL controls inbound access/data
DLP does the opposite.
The question talks about data sent to (inbound) the application:
Access Control Lists (ACLs) are a security mechanism used to control access to resources based on user permissions. In the context of a cloud-based application, ACLs can be applied to data and resources to control who can access, modify, or send data to the application.
To ensure that authorized data is sent to the application when implementing a cloud-based application, a data loss prevention (DLP) tool would be most effective. DLP tools are designed to prevent unauthorized access, use, or transmission of sensitive data. They can be used to monitor and control data in transit, and ensure that only authorized users and applications can access and use it.
Clearly in the minority here but DLP doesn't make any sense to me. Verifying data that is being sent to an app really isn't DLP. Leaving the app, it might have made sense.
Access control list (ACL) is a security tool that can ensure authorized data is sent to the application when implementing a cloud-based application. It controls access to network resources by defining rules that specify which users or systems are allowed to access specific resources and what actions they are allowed to perform on those resources.
Data loss prevention (DLP)
Rule-based software that is specialized toward preventing data exfiltration. It operates by recognizing and blocking unauthorized outbound data flows; it can be placed on hosts or network devices.
Answer is C - CISSP Official Study Guide pg 189 - "Network-Based DLP A network-based DLP scans all outgoing data looking for specific data. Administrators place it on the edge of the network to scan all data leaving the organization. If a user sends out a file containing restricted data, the DLP system will detect it and prevent it from leaving the organization. The DLP system will send an alert, such as an email to an administrator. Cloud-based DLP is a subset of network-based DLP."