Exam SY0-701 Topic 1 Question 201 Discussion
Actual exam question for CompTIA's SY0-701 exam
Question #: 201
Topic #: 1
Question #: 201
Topic #: 1
A company tested and validated the effectiveness of network security appliances within the corporate network. The IDS detected a high rate of SQL injection attacks against the company's servers, and the company's perimeter firewall is at capacity. Which of the following would be the best action to maintain security and reduce the traffic to the perimeter firewall?
Suggested Answer: A Vote an answer
Given the scenario where an Intrusion Detection System (IDS) has detected a high rate of SQL injection attacks and the perimeter firewall is at capacity, the best action would be to set the appliance to Intrusion Prevention System (IPS) mode and place it in front of the company firewall. This approach has several benefits:
Intrusion Prevention System (IPS): Unlike IDS, which only detects and alerts on malicious activity, IPS can actively block and prevent those activities. Placing an IPS in front of the firewall means it can filter out malicious traffic before it reaches the firewall, reducing the load on the firewall and enhancing overall security.
Reducing Traffic Load: By blocking SQL injection attacks and other malicious traffic before it reaches the firewall, the IPS helps maintain the firewall's performance and prevents it from becoming a bottleneck.
Enhanced Security: The IPS provides an additional layer of defense, identifying and mitigating threats in real-time.
Option B (Convert the firewall to a WAF and use IPSec tunnels) would not address the primary issue of reducing traffic to the firewall effectively. Option C (Set the firewall to fail open) would compromise security. Option D (Deep packet inspection) could be resource-intensive and might not alleviate the firewall capacity issue effectively.
Intrusion Prevention System (IPS): Unlike IDS, which only detects and alerts on malicious activity, IPS can actively block and prevent those activities. Placing an IPS in front of the firewall means it can filter out malicious traffic before it reaches the firewall, reducing the load on the firewall and enhancing overall security.
Reducing Traffic Load: By blocking SQL injection attacks and other malicious traffic before it reaches the firewall, the IPS helps maintain the firewall's performance and prevents it from becoming a bottleneck.
Enhanced Security: The IPS provides an additional layer of defense, identifying and mitigating threats in real-time.
Option B (Convert the firewall to a WAF and use IPSec tunnels) would not address the primary issue of reducing traffic to the firewall effectively. Option C (Set the firewall to fail open) would compromise security. Option D (Deep packet inspection) could be resource-intensive and might not alleviate the firewall capacity issue effectively.
by Harry at Oct 07, 2024, 12:42 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).