CompTIA CASP+ (CAS-002) — Question 9

An administrator wants to enable policy based flexible mandatory access controls on an open source OS to prevent abnormal application modifications or executions. Which of the following would BEST accomplish this?

Answer options

• A. Access control lists
• B. SELinux
• C. IPtables firewall
• D. HIPS

Correct answer: B

Explanation

SELinux is designed specifically to enforce mandatory access control policies, making it the best option for preventing unauthorized application modifications or executions. Access control lists (ACLs) provide discretionary access control but do not offer the same level of enforcement as SELinux. IPtables is a firewall tool that manages network traffic rather than application controls, and HIPS (Host Intrusion Prevention Systems) are reactive rather than proactive in terms of access control.