nerdexam
EC-Council

312-50V9 · Question #282

A penetration test was done at a company. After the test, a report was written and given to the company's IT authorities. A section from the report is shown below: - Access List should be written betw

The correct answer is C. A stateful firewall can be used between intranet (LAN) and DMZ.. The report recommends a packet-filtering security solution between the LAN and DMZ, which accurately describes the role of a stateful firewall, making C the only technically valid inference from the listed recommendations.

Evading IDS, Firewalls, and Honeypots

Question

A penetration test was done at a company. After the test, a report was written and given to the company's IT authorities. A section from the report is shown below:

  • Access List should be written between VLANs.
  • Port security should be enabled for the intranet.
  • A security solution which filters data packets should be set between

intranet (LAN) and DMZ.

  • A WAF should be used in front of the web applications.

According to the section from the report, which of the following choice is true?

Options

  • AMAC Spoof attacks cannot be performed.
  • BPossibility of SQL Injection attack is eliminated.
  • CA stateful firewall can be used between intranet (LAN) and DMZ.
  • DThere is access control policy between VLANs.

How the community answered

(30 responses)
  • A
    10% (3)
  • B
    3% (1)
  • C
    70% (21)
  • D
    17% (5)

Why each option

The report recommends a packet-filtering security solution between the LAN and DMZ, which accurately describes the role of a stateful firewall, making C the only technically valid inference from the listed recommendations.

AMAC Spoof attacks cannot be performed.

Port security limits MAC addresses per port to reduce MAC spoofing risk, but it cannot fully prevent MAC spoofing attacks - it only raises the difficulty, so the claim that they 'cannot be performed' is false.

BPossibility of SQL Injection attack is eliminated.

A WAF reduces the attack surface for SQL injection by filtering malicious input, but it does not eliminate the possibility entirely since WAF bypass techniques exist.

CA stateful firewall can be used between intranet (LAN) and DMZ.Correct

The report explicitly recommends 'a security solution which filters data packets' between the intranet and DMZ. A stateful firewall inspects and filters packets based on connection state and packet headers, which directly matches this description, making it a valid and appropriate solution for that network segment.

DThere is access control policy between VLANs.

The report states that access lists 'should be written' between VLANs, meaning this control does not yet exist - it is a recommendation, not a current implemented policy.

Concept tested: Stateful firewall placement between LAN and DMZ

Source: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/200203-Configure-a-DMZ-on-an-ASA.html

Topics

#stateful firewall#DMZ#WAF#VLAN security

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice