CompTIA Cloud+ (CV0-004) — Question 91
A customer relationship management application, which is hosted in a public cloud IaaS network, has a remote command execution vulnerability. Which of the following is the best solution for the security engineer to implement to prevent the application from being exploited by basic attacks?
Answer options
- A. IPS
- B. ACL
- C. DLP
- D. WAF
Correct answer: D
Explanation
The correct answer is D, WAF. A web application firewall specifically protects web applications by filtering and monitoring HTTP traffic, effectively preventing remote command execution attacks. IPS (A) focuses on detecting and preventing intrusions rather than on web application vulnerabilities specifically. ACL (B) controls access to resources but does not specifically mitigate application-layer attacks. DLP (C) is concerned with data loss prevention, which is not relevant to blocking command execution vulnerabilities.