CompTIA CASP+ Practice Test

Which device is best suited for implementing selective sandboxing of suspicious code and VoIP handling while blocking unwanted applications?

• A. HIPS
• B. WAF
• C. UTM
• D. Firewall

The correct answer is: UTM

The best choice for implementing selective sandboxing of suspicious code and VoIP handling, along with blocking unwanted applications, is a unified threat management (UTM) device. A UTM typically integrates multiple security features into a single appliance, including firewall, intrusion detection and prevention systems, antivirus, content filtering, and application control. In the context of this question, selective sandboxing allows for the testing of suspicious code in a controlled environment to observe behavior without risking the production network. UTMs often have advanced characteristics that can facilitate such sandboxing effectively, ensuring that any potentially harmful activities can be contained before affecting other systems. Moreover, UTMs are well-equipped for managing VoIP traffic and ensuring secure communications, which is critical in environments that rely on voice over IP technologies. They also provide robust capabilities to block unwanted applications, giving administrators the oversight and control needed to enforce security policies while protecting network integrity. In comparison, while a Host Intrusion Prevention System (HIPS) focuses primarily on detecting and preventing malicious activities at the host level, it does not typically provide the comprehensive features required for both sandboxing and VoIP handling. Web Application Firewalls (WAFs) protect web applications from attacks but do not address the broader aspects of network management and application control