exam questions

Exam SSCP All Questions

View all questions & answers for the SSCP exam

Exam SSCP topic 6 question 223 discussion

Actual exam question from ISC's SSCP
Question #: 223
Topic #: 6
[All SSCP Questions]

Which of the following statements pertaining to firewalls is incorrect?

  • A. Firewalls create bottlenecks between the internal and external network.
  • B. Firewalls allow for centralization of security services in machines optimized and dedicated to the task.
  • C. Firewalls protect a network at all layers of the OSI models.
  • D. Firewalls are used to create security checkpoints at the boundaries of private networks.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Firewalls can protect a network at multiple layers of the OSI models, however most of the firewalls do not have the ability to monitor the payload of the packets and see if an application level attack is taking place.
Today there are a new breed of firewall called Unified Threat Managers or UTM. They are a collection of products on a single computer and not necessarily a typical firewall. A UTM can address all of the layers but typically a firewall cannot.
Firewalls are security checkpoints at the boundaries of internal networks through which every packet must pass and be inspected, hence they create bottlenecks between the internal and external networks. But since external connections are relatively slow compared to modern computers, the latency caused by this bottleneck can almost be transparent.
By implementing the concept of border security, they centralize security services in machines optimized and dedicated to the task, thus relieving the other hosts on the network from that function.
Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 1: Understanding Firewalls.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
lowbattery
8 months, 3 weeks ago
I'm sorry, but Firewalls protect the physical layer? Sounds kinda stoopit.
upvoted 1 times
catastrophie
5 months ago
It can sound as "stoopit" as you want but when an outside attack spins up all your virtual machines on a server and pushed that server over capacity and the resource consumption causes overheating and equipment failure, thats a physical hardware failure. Or when your firewall is bypassed and now your ACL for credentials to a secured area is now wide open and someone rolls in and steals or damages physical equipment. Sure the firewall doesn't guard the door with a shotgun but it's still a line of defense in the physical layer.
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago