Certified Information Systems Auditor (CISA) — Question 1424

Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?

Answer options

• A. File level encryption
• B. Application level firewalls
• C. Instant messaging policy
• D. File Transfer Protocol (FTP)

Correct answer: B

Explanation

Application level firewalls are designed to monitor and control application-level traffic, making them the best choice for preventing unauthorized file transfers through instant messaging. While file level encryption protects the content of files, it does not prevent their transfer. An instant messaging policy provides guidelines but lacks enforcement capabilities, and FTP is irrelevant as it pertains to a different transfer method.