Which security approach permits only predefined approved inputs or entities…

2024

Which security approach permits only predefined approved inputs or entities while rejecting all others by default?

  1. A.

    Packet Sniffing

  2. B.

    Blacklisting

  3. C.

    Input Masking

  4. D.

    Whitelisting

  5. E.

    Traffic Shaping

Attempted by 35 students.

Show answer & explanation

Correct answer: D

The correct answer is Whitelisting (also called allowlisting).

Whitelisting follows a "default-deny" model: it maintains an explicit list of pre-approved inputs, applications, IP addresses, or entities, and permits ONLY those on the list. Everything not on the list is rejected automatically. This exactly matches the requirement of permitting only predefined approved entities while rejecting all others by default.

Because nothing runs or connects unless it has been explicitly approved, whitelisting is highly effective against unknown and zero-day threats. Its trade-off is higher maintenance, since every legitimate new item must be added to the list before it is allowed.

Contrast this with the opposite model, blacklisting (blocklisting), which is "default-allow": it lists only the known-bad items to block and permits everything else by default.

Explore the full course: Up Police Computer Operator