CISM Question #806: Real Exam Question with Answer & Explanation

The correct answer is B: A connectivity test from a restricted host.

Submitted by miguelv · Apr 18, 2026 · Information Security Program Development and Management

Question

Which of the following is the MOST effective way to verify the proper installation of a firewall policy that restricts a small group of internal IP addresses from accessing the internet?

Options

  • A. A network discovery scan
  • B. A connectivity test from a restricted host
  • C. A simulated denial of service (DoS) attack against the firewall
  • D. A port scan of the firewall from an external source

Explanation

The most effective way to verify a firewall policy that restricts specific internal IP addresses is to perform a connectivity test from one of the restricted hosts. This directly validates whether the intended access restriction is enforced, whereas scans or external tests do not confirm behavior from the affected internal systems.

Topics

#Firewall policy verification · #Security control testing · #Network access control · #Effectiveness measurement
