CompTIA

CAS-002 · Question #274

CAS-002 Question #274: Real Exam Question with Answer & Explanation

The correct answer is B: Placing the IDS device outside the firewall will allow it to monitor potential remote attacks. IDS placement determines traffic visibility: a sensor outside the firewall captures all raw inbound external traffic, while a sensor inside captures only what the firewall allowed through.

Question

Which of the following BEST describes the implications of placing an IDS device inside or outside of the corporate firewall?

Options

  • A. Placing the IDS device inside the firewall will allow it to monitor potential internal attacks but
  • B. Placing the IDS device outside the firewall will allow it to monitor potential remote attacks
  • C. Placing the IDS device inside the firewall will allow it to monitor potential remote attacks but
  • D. Placing the IDS device outside the firewall will allow it to monitor potential remote attacks but

Explanation

IDS placement determines traffic visibility: a sensor outside the firewall captures all raw inbound external traffic, while a sensor inside captures only what the firewall allowed through.

Common mistakes.

  • A. An IDS inside the firewall monitors traffic that has already been filtered, so it sees internal threats and attacks that bypass the firewall, but it misses the broader external attack surface visible to an outside-placed sensor.
  • C. An IDS inside the firewall does not effectively monitor remote attacks because the firewall has already filtered most inbound external traffic before the IDS can inspect it.
  • D. This choice mischaracterizes the trade-offs of outside-firewall placement; the specific limitation it attributes to this configuration does not accurately reflect standard IDS deployment behavior.

Concept tested. IDS sensor placement inside vs outside the firewall

Reference. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-94.pdf
