The best answer is A. Ensure the firewall data plane moves to fail-closed mode.
The key requirement is that the company prioritizes confidentiality over availability. In a failure or security event, a fail-closed firewall blocks traffic rather than allowing traffic to continue through an untrusted or degraded state.
This choice protects sensitive business data, even if it temporarily interrupts transactions.
Why the other options are incorrect:
B. Implement a deny-all rule as the last firewall ACL rule. This is a standard best practice, but it does not specifically address behavior during a security event.
C. Prioritize business-critical application traffic through the firewall. This emphasizes availability and performance, not confidentiality.
D. Configure rate limiting between the firewall interfaces. Rate limiting can help with traffic control, but it is not the best match for the stated priority.
From a Security+ standpoint, when confidentiality is more important than uptime, fail closed is the correct choice.
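The difference between options A and B, shown as a small simulation (an added example, not part of the original answer; the ACL, packets and function names are constructed for illustration). When the inspection engine faults, the ACL and its deny-all rule are never evaluated, so only the configured failure mode decides whether traffic passes.

```python
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"

class DataPlaneFault(Exception):
    """Raised when the inspection engine cannot evaluate traffic."""

# Constructed ACL: first match wins; the final entry is the deny-all rule (option B).
ACL = [
    ({"dst_port": 443, "proto": "tcp"}, Verdict.ALLOW),
    ({"dst_port": 53, "proto": "udp"}, Verdict.ALLOW),
    ({}, Verdict.DENY),  # empty match matches every packet
]

def evaluate_acl(packet, acl=ACL):
    """Normal path: return the verdict of the first matching rule."""
    for match, verdict in acl:
        if all(packet.get(k) == v for k, v in match.items()):
            return verdict
    return Verdict.DENY

def forward(packet, engine_healthy, fail_closed):
    """Return the verdict the data plane applies to one packet."""
    try:
        if not engine_healthy:
            raise DataPlaneFault("inspection engine unavailable")
        return evaluate_acl(packet)
    except DataPlaneFault:
        # The ACL, including its deny-all rule, was never consulted here.
        return Verdict.DENY if fail_closed else Verdict.ALLOW

def simulate(packets, engine_healthy, fail_closed):
    """Run a batch of packets and return the verdicts as strings."""
    return [forward(p, engine_healthy, fail_closed).value for p in packets]

# Constructed sample traffic: one permitted flow, one the ACL would block.
PACKETS = [
    {"dst_port": 443, "proto": "tcp"},
    {"dst_port": 3389, "proto": "tcp"},
]

if __name__ == "__main__":
    print("healthy:           ", simulate(PACKETS, True, True))
    print("fault, fail-open:  ", simulate(PACKETS, False, False))
    print("fault, fail-closed:", simulate(PACKETS, False, True))
```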