352-001 · Question #724
Refer to the exhibit. The operations team has identified that some of the multi-tiered e-commerce applications have slow performance, due to illegitimate inbound traffic from the Internet. On which ne
The correct answer is B. B. Illegitimate inbound internet traffic should be filtered at the network perimeter to drop malicious packets before they consume internal bandwidth or reach application tiers.
Question
Refer to the exhibit. The operations team has identified that some of the multi-tiered e-commerce applications have slow performance, due to illegitimate inbound traffic from the Internet. On which network device do you place traffic filtering to improve performance?
Exhibit
Options
- AA
- BB
- CC
- DD
How the community answered
(19 responses)- A5% (1)
- B74% (14)
- C5% (1)
- D16% (3)
Why each option
Illegitimate inbound internet traffic should be filtered at the network perimeter to drop malicious packets before they consume internal bandwidth or reach application tiers.
Device A is the upstream internet-facing router or ISP handoff point where the operator typically lacks the authority or capability to enforce granular inbound filtering policies.
Device B represents the perimeter firewall or edge security device positioned between the internet-facing router and the internal application tiers. Applying ACLs or firewall policies at this boundary drops illegitimate traffic at the earliest controllable point, preventing it from traversing internal links, consuming core bandwidth, or reaching web and database servers - directly resolving the application performance degradation caused by inbound floods.
Device C is an internal distribution or aggregation layer device; filtering here allows illegitimate traffic to already traverse and consume edge and uplink bandwidth before being discarded.
Device D is deep within the internal network at the server access tier; placing filtering here means malicious traffic travels across most of the infrastructure before being dropped, providing no meaningful performance improvement.
Concept tested: Perimeter traffic filtering placement for inbound threat mitigation
Source: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/Baseline_Security/securebasebook/sec_chap2.html
Topics
Community Discussion
No community discussion yet for this question.
