Exam CISSP topic 1 question 224 discussion

A HIDS monitors processes and applications on a host. Not host-based firewall. So, D may not be the right answer.

an Host based firewall control traffics destined for the host.

C. Option D provides precise details about the specific types of checks performed by each type of firewall, but does not capture the general distinction in their control areas as succinctly as option C.

The correct answer here is C. The main difference between a network-based firewall and a host-based firewall is that a network-based firewall controls traffic passing through the device, while a host-based firewall controls traffic destined for the device

C. Control is the keyword.. I thought it was D.

According to the Official ISC2 CISSP CBK Reference (4th Edition), p.513, host-based firewall offer protection if a network-based firewall fails. Host-based firewalls are also useful for microsegmentation. The Official Study Guide (9th Edition), p. 553 does not put emphasis on processes or applications. Both books assume that host-based firewalls provide an additional layer of protection that can complement network-based firewalls and differ only when they are used - in a network or at an endpoint.

C. A network-based firewall controls traffic passing through the device, while a host-based firewall controls traffic destined for the device. Network-based firewalls are deployed in line with the traffic flow, protecting the entire network. They control traffic passing through the device, and can be used to block specific types of traffic, such as incoming or outgoing traffic from certain ports or IP addresses. Host-based firewalls are operated on single computers, via OS-run software. They control traffic destined for the device, and can be used to block specific types of traffic, such as incoming or outgoing traffic from certain applications or processes.

Question was according to a firewall not to an EDR/EPP. So C it is.

C. A network-based firewall controls traffic passing through the device, while a host-based firewall controls traffic destined for the device. A network-based firewall is typically installed on a network device such as a router or a switch, and monitors and controls incoming and outgoing network traffic based on predetermined security rules. On the other hand, a host-based firewall is installed on an individual host such as a computer or a server, and monitors and controls incoming and outgoing traffic destined for that specific host. It controls the incoming traffic to the host and outgoing traffic from the host based on predetermined security rules.

I go with C.

For and from.. but yea, c

Chose D but realised this is invalid - a host-based firewall still verifies network traffic destined for the device! Hence C is the only remaining valid answer.

Network-based firewalls are deployed in line with the traffic flow, protecting the entire network. Host-based firewalls are operated on single computers, via OS-run software. https://www.skillset.com/questions/what-are-the-differences-between-network-based-firewalls-and-host-based-firewalls-select-all-that-ap

Network firewalls control ingress/egress traffic flows at the network perimeter. Host firewalls control ingress/egress flows for applications on an endpoint... The description BitDefender allocates to its Host-Based Firewall is: "Monitors connections performed by your apps and provides advanced control of network connectivity", reviewing policies for my apps, I have a typical permit/deny ACL controlling which network(s), ports/protocols and direction (traffic coming into the computer for that app, traffic leaving my endpoint for that app, or both), I have an ACL for each app installed... adobe, Firefox, CCleaner. To me, this rules out D, and narrows it down to C only.

Answer is C. I can see why the wording can be confusing when mentioning "destined for the device" but destined can also mean bounded.

Answer D "Host based firewalls are on individual computers. Network firewalls are placed 'in-line' generally just before the border router. Considering defense in depth, host based firewalls and network firewalls can be used at the same time."

D. "So a modern firewall needs to monitor operating system events from the start until the end of processes, loading and unloading modules, and be able to link this information to data at the moment the packet is filtered in the driver." https://www.apriorit.com/dev-blog/543-how-host-based-firewall-works