nerdexam
(ISC)2

CISSP · Question #1127

An organization is trying to secure instant messaging (IM) communications through its network perimeter. Which of the following is the MOST significant challenge?

The correct answer is C. IM clients can utilize random port numbers.. Securing IM traffic at the network perimeter is most challenging because IM clients can dynamically use random or non-standard ports, making traditional port-based firewall rules ineffective.

Submitted by emma.c· Mar 5, 2026Communication and Network Security

Question

An organization is trying to secure instant messaging (IM) communications through its network perimeter. Which of the following is the MOST significant challenge?

Options

  • AIM clients can interoperate between multiple vendors.
  • BIM clients can run without administrator privileges.
  • CIM clients can utilize random port numbers.
  • DIM clients can run as executable that do not require installation.

How the community answered

(42 responses)
  • A
    7% (3)
  • B
    2% (1)
  • C
    74% (31)
  • D
    17% (7)

Why each option

Securing IM traffic at the network perimeter is most challenging because IM clients can dynamically use random or non-standard ports, making traditional port-based firewall rules ineffective.

AIM clients can interoperate between multiple vendors.

Interoperability between vendors is an administrative and policy concern but does not directly enable IM traffic to evade perimeter security controls such as firewalls or proxies.

BIM clients can run without administrator privileges.

Running without administrator privileges affects endpoint security and software restriction policies, but does not prevent a perimeter firewall from inspecting or blocking the network traffic the IM client generates.

CIM clients can utilize random port numbers.Correct

IM clients that utilize random or dynamically assigned port numbers can bypass perimeter firewalls that rely on static port-based ACLs or rules, since those controls cannot anticipate which port the traffic will traverse. This technique, sometimes combined with HTTP/HTTPS tunneling, makes deep packet inspection or application-aware firewalls necessary to enforce policy. Without such controls, the organization cannot reliably block or monitor IM traffic at the perimeter.

DIM clients can run as executable that do not require installation.

Portable executables that do not require installation complicate endpoint software control, but the traffic they produce can still be filtered at the network perimeter if it uses known or static ports and protocols.

Concept tested: IM traffic evasion of perimeter firewall controls

Source: https://www.cisco.com/c/en/us/products/security/what-is-next-generation-firewall.html

Topics

#network security#firewall bypass#IM security#application control

Community Discussion

No community discussion yet for this question.

Full CISSP Practice