CAS-003 Question #107: Real Exam Question with Answer & Explanation
The correct answer is A: A dual firewall DMZ with remote logging where each firewall is managed by a separate.
Question
Options
- A. A dual firewall DMZ with remote logging where each firewall is managed by a separate
- B. A single firewall DMZ where each firewall interface is managed by a separate administrator and
- C. A SaaS based firewall which logs to the company's local storage via SSL, and is managed by the
- D. A virtualized firewall, where each virtual instance is managed by a separate administrator and
Explanation
Security in depth is the concept of creating additional layers of security. The traditional approach of securing the IT infrastructure is no longer enough: today's threats are multifaceted and often persistent, and traditional network perimeter security controls cannot effectively mitigate them. Organizations need to implement more effective, multi-level security controls that are embedded with their electronic assets, and they need to protect key assets from both external and internal threats. The security in depth approach is meant to withstand attacks even when perimeter and traditional controls have been breached.
In this question, using two firewalls to secure the DMZ from both external and internal attacks is the best approach. Having each firewall managed by a separate administrator reduces the chance of a configuration error being made on both firewalls. The remote logging enables incident reconstruction.