Certified Information Systems Security Professional (CISSP) — Question 226
Which of the following technologies can be used to monitor and dynamically respond to potential threats on web applications?
Answer options
- A. Field-level tokenization
- B. Web application vulnerability scanners
- C. Runtime application self-protection (RASP)
- D. Security Assertion Markup Language (SAML)
Correct answer: C
Explanation
Runtime application self-protection (RASP) is designed to monitor applications in real time and respond to threats as they occur, making it the correct choice. In contrast, field-level tokenization and web application vulnerability scanners are preventative measures that do not actively respond to threats, while SAML is a framework for exchanging authentication and authorization data, not for threat monitoring.