A company wants to restrict uploads to a popular filesharing - CompTIA Security+ SY0-701
Question
A company wants to restrict uploads to a popular file-sharing website but allow downloads from the same website. Which of the following technologies would best accomplish this goal?
Answers
-
-
-
-
correct
Explanation
The correct answer is: D. NGFW (Next-Generation Firewall).
A Next-Generation Firewall (NGFW) can filter traffic based on application-layer rules, including distinguishing between upload and download actions on specific websites. By configuring granular policies, the NGFW can block outbound file uploads while still allowing inbound file downloads. Unlike traditional firewalls that filter only by port or protocol, NGFWs provide deep packet inspection and application awareness, making them the most effective technology for enforcing this selective restriction.
Why Other Options are Incorrect:
-
A. IDS
Incorrect because an Intrusion Detection System only monitors and alerts on suspicious activity. It cannot actively block uploads or enforce traffic rules, so it does not meet the company’s requirement for restriction. -
B. IPS
Incorrect because an Intrusion Prevention System can block malicious activity but is not designed for granular application-layer control. It cannot selectively allow downloads while preventing uploads on a file-sharing website. -
C. WAF
Incorrect because a Web Application Firewall is focused on protecting web applications from attacks like SQL injection or cross-site scripting. It does not provide the necessary control over upload/download traffic to external websites.
No Payment Cards Needed
