A security configuration where access is denied to any entity unless the entity appears on a whitelist.

Multiple Choice

A security configuration where access is denied to any entity unless the entity appears on a whitelist.

Explanation:
This describes an allow-list approach. In this model, access is granted only to entities that are explicitly listed, and everything else is denied by default. It embodies the idea of default deny with explicit permission, which minimizes risk by preventing untrusted or unknown entities from gaining access.

The other terms describe different approaches. A block list is the opposite of deny by default: it blocks only the listed bad actors and allows everyone else. Deny list is just another way to say block list or blacklist. Permit list is a less common synonym for allow list, but the standard term is allow list.