Exam CISSP topic 1 question 287 discussion

going for DLP

Answer is B. The question is discussing an application in the cloud, a.k.a, web application. In a web application, an "ACL" stands for "Access Control List," which is essentially a set of rules that define which users or groups can access specific data within the application and what actions they are allowed to perform on that data, effectively controlling who can read, write, or modify certain information based on their permissions level.

The given answer is A. Just providing another angle, authorized data sent might means only legit traffic to be sent, so HIPS ensure to filter unauthorized/malicious data/traffic to be sent to the application?

From what I understand "sent" means "outbound". DLP can be configured to ensure that only authorized data is sent to and from the application, ensuring that confidential data does not leave the corporate network inappropriately. For inbound data, tools like ACL, firewalls, or IPS are typically more relevant.

Woeful question - ACL due to integration with NAT? Dont see why it's DLP.

How is it DLP? the questions is asking how can we ensure that authorized data is sent to the app. Data Loss Prevention doesnt do this... The only tech that can remotely do this, although not the most effective way, is going to be the ACL based on these answer choices. ACL is the only one that can limit anything going anywhere.

Why not HIPS instead of ACL?

ACL is static and does not understand applications. Cloud services are dynamic, they usual use DNS to reach them. So ACL needs to be update if the Cloud services changes IP. Also if IP is changed, and ACL is not, it could send the correct data to the new IP host address. On top of this how does ACL stops IP spoofing? DLP is at least controlling at contend level which is more appriate, ACL is at the network layer.

Sorry, I wanted to say that I'm going with "B" - ACL

In the context of the original question about ensuring that only authorized data is sent to the application, the answer "Data Loss Prevention (DLP)" would be more specific and relevant to ensure that the data being sent complies with security policies and is not . violate specific restrictions. ACL no, it assures that it is a guide to what should be, I think the key word here is "will ensure", I choose C.

I see a lot of folks here going with C. Data loss prevention (DLP) because they are blindly believing Chatgpt answers. C. is the answer chatgpt gives and it's the wrong answer. If you challenge chatgpt to review the question again, it will change it's answer to B. Access control list (ACL). Based on the question, there's no way the answer can possibly be DLP. ACL is the correct answer. 100%.

The question is specifically asking for a tool that ensures authorized data is sent to the application. The correct answer is: B. Access control list (ACL) Access control lists (ACLs) are used to specify which users or systems have permission to access specific resources or applications. By configuring ACLs, you can control and restrict access to the application, ensuring that only authorized users or entities can send data to it.

An Access Control List (ACL) is used to define who can access a resource and what operations they can perform once they access it. In the context of ensuring that only authorized data is sent to an application, an ACL can be set up to allow only specific data or requests from authorized sources to reach the application, especially in a cloud-based environment.

ACL controls inbound access/data DLP does the opposite. The question talks about data sent to (inbound) the application: Access Control Lists (ACLs) are a security mechanism used to control access to resources based on user permissions. In the context of a cloud-based application, ACLs can be applied to data and resources to control who can access, modify, or send data to the application.

To ensure that authorized data is sent to the application when implementing a cloud-based application, a data loss prevention (DLP) tool would be most effective. DLP tools are designed to prevent unauthorized access, use, or transmission of sensitive data. They can be used to monitor and control data in transit, and ensure that only authorized users and applications can access and use it.

think C?

Clearly in the minority here but DLP doesn't make any sense to me. Verifying data that is being sent to an app really isn't DLP. Leaving the app, it might have made sense.