CompTIA Security+ (SY0-701) — Question 505

A Chief Information Security Officer (CISO) wants to:

• Prevent employees from downloading malicious content.
• Establish controls based on departments and users.
• Map internet access for business applications to specific service accounts.
• Restrict content based on categorization.

Which of the following should the CSO implement?

Answer options

• A. Web application firewall
• B. Secure DNS server
• C. Jump server
• D. Next-generation firewall

Correct answer: D

Explanation

The Next-generation firewall is designed to provide advanced security features, such as application awareness and control, which help in preventing malicious downloads and enforcing content restrictions based on categorization. Other options like Web application firewalls and Secure DNS servers do not offer the same level of comprehensive access control and user-specific restrictions, while a Jump server primarily serves as a secure access point rather than a content filtering solution.