CompTIA Security+ (SY0-601) — Question 15

An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled.
Which of the following can be used to accomplish this task?

Answer options

• A. Application allow list
• B. SWG
• C. Host-based firewall
• D. VPN

Correct answer: C

Explanation

The correct answer is C, as a Host-based firewall can be configured to block all ports except for 443, effectively meeting the security policy requirements. Options A (Application allow list) and B (SWG) do not specifically manage port access, while D (VPN) is used for secure remote access and does not control port settings.