A security configuration where access is generally permitted to a software process, IP/domain, or other subject unless it is listed as explicitly prohibited.

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

Multiple Choice

A security configuration where access is generally permitted to a software process, IP/domain, or other subject unless it is listed as explicitly prohibited.

The concept being tested is a blocklist approach to access control, where the default behavior is to permit access, and only specific subjects on the list are blocked. A block list defines explicit prohibitions, so anything not on the list is allowed. This matches the description: access is generally permitted unless something is explicitly prohibited.

Why this fits best: the term “block list” directly conveys that only items on the list are prevented while all others are allowed. If you used an allow/permit list, the policy would be the opposite—only listed items are allowed, with the rest denied. A deny list is functionally the same idea as a block list, but block list is the more common terminology in many security contexts.

A security configuration where access is generally permitted to a software process, IP/domain, or other subject unless it is listed as explicitly prohibited.

Prepare for the Information Security Principles and Frameworks Test. Enhance your understanding with detailed questions, hints, and explanations. Ace your exam with confidence!

A security configuration where access is generally permitted to a software process, IP/domain, or other subject unless it is listed as explicitly prohibited.

Get the latest from Examzify