312-50V13 Question #202: Real Exam Question with Answer & Explanation

Question

The network team has well-established procedures to follow for creating new rules on the firewall. This includes having approval from a manager prior to implementing any new rules. While reviewing the firewall configuration, you notice a recently implemented rule but cannot locate manager approval for it. What would be a good step to have in the procedures for a situation like this?

Options

• AHave the network team document the reason why the rule was implemented without prior
• BMonitor all traffic using the firewall rule until a manager can approve it.
• CDo not roll back the firewall rule as the business may be relying upon it, but try to get manager
• DImmediately roll back the firewall rule until a manager can approve it

Explanation

Any firewall rule implemented without proper manager approval, violating established security procedures, must be immediately rolled back to maintain security policy integrity.

Common mistakes.

• A. Documenting the reason after the fact does not address the immediate security risk or the procedural violation of implementing the rule without prior approval.
• B. Monitoring traffic using an unapproved firewall rule still means the organization is operating under a potentially unauthorized and insecure configuration, which should not be permitted.
• C. Relying on an unapproved rule for business operations ignores the fundamental security principle of change management and approval, potentially exposing the organization to unknown risks.

Concept tested. Change management, security policy enforcement, and incident response for policy violations

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171r2.pdf

No community discussion yet for this question.