Exam N10-008 topic 1 question 62 discussion

C is WRONG: https://www.fortinet.com/resources/cyberglossary/firewall-configuration Update the firmware has to be the very first step, obviously. Step 4: Configure Other Firewall Services and Logging

I would tend to go with C here. I don't feel configuring log settings relates to hardening a firewall. Open to correction here and just my thoughts.

You should confirm if your system is up to date always......logging is a good practice but it's all for clarity, it does not prevent vulnerabilities.

The question is asking which would "harden" the firewall. Syslog are just logs. Although it's important, and must be done, it has nothing to do with the aforementioned question. Updates are always a way to harden systems and applications. The answer is "C"

B doesn't 'harden' the firewall. It simply gives you oversite, monitoring and audit capabilities, yes it helps with overall security but doesn't physically harden the firewall itself. Firmware updates however will harden and patch the firewall. Answer is C in my opinion.

To ensure that all the firewalls are hardened successfully after configuration, the network engineer should perform the following step next: B. Configure the log settings on the firewalls to the central syslog server Configuring the log settings to send firewall logs to a central syslog server enables centralized monitoring and analysis of security events and policy violations across all firewall devices. This allows for better visibility into potential security threats and helps ensure that the firewalls are effectively protecting the network. Therefore, configuring log settings to send logs to a central syslog server would be the appropriate next step to ensure that all firewalls are hardened successfully.

keyword hardened, next step to hardening only with answer C

To ensure the best security and performance, it is generally recommended to update the firewalls with current firmware and software before configuring the firewall rules. This allows you to start with a secure and stable foundation and ensures compatibility between the firmware/software and the firewall rules.

C seems to be the correct answer here: "... new firewalls with the correct configuration to be deployed" implies that the firewall has not yet been deployed, so the next step would be to update the firmware before putting it into a production environment. Logging is not a hardening technique.

With the previous exams, I believe that word "hardened" associates with "updates" in comptia

Guys comptia trying to confuse, but there is a signs "configured new firewalls with the correct configuration" to be deployed to each remote branch After configuring new firewalls with the correct settings and disabling unneeded services, the next step to ensure that all the firewalls are hardened successfully should be: C. Update the firewalls with current firmware and software

Configure Log Settings (B): Configuring log settings is crucial for monitoring and auditing the firewall's activity. By sending logs to a central syslog server, the network engineer can have a centralized view of firewall events, aiding in troubleshooting and security analysis.

i think its C because of the key word hardend

Clue is "Hardening". While logging is important, it doesn't fit the question here.

B sounds logical to me

Patching will update to the most up to date SW

This is a hardening question not a protocol question.