CAS-001 · Question #512
CAS-001 Question #512: Real Exam Question with Answer & Explanation
The correct answer is B: Placing the IDS device outside the firewall will allow it to monitor potential remote attacks while. Placing an IDS outside the firewall means it sees all inbound internet traffic before the firewall filters it. This lets it monitor and alert on all external attack attempts - including those the firewall would block - giving broader visibility into the threat landscape and attac
Question
Options
- APlacing the IDS device inside the firewall will allow it to monitor potential internal attacks but may
- BPlacing the IDS device outside the firewall will allow it to monitor potential remote attacks while
- CPlacing the IDS device inside the firewall will allow it to monitor potential remote attacks but may
- DPlacing the IDS device outside the firewall will allow it to monitor potential remote attacks but the
Explanation
Placing an IDS outside the firewall means it sees all inbound internet traffic before the firewall filters it. This lets it monitor and alert on all external attack attempts - including those the firewall would block - giving broader visibility into the threat landscape and attacker behavior. An IDS placed inside the firewall only sees traffic that has already passed through the firewall's filters, missing the full volume of external attacks. The trade-off for outside placement is that it generates higher alert volume (more noise) since it sees all unfiltered traffic. Answer B correctly captures the advantage of outside placement (visibility into remote attacks) and implicitly acknowledges that placement context matters for what the IDS can detect.
Community Discussion
No community discussion yet for this question.