CISSP Question #1154: Real Exam Question with Answer & Explanation

Question

What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol (ICMP) based attacks?

Options

• AImplement egress filtering at the organization's network boundary.
• BImplement network access control lists (ACL).
• CImplement a web application firewall (WAF).
• DImplement an intrusion prevention system (IPS).

Explanation

Reducing ICMP-based attack exposure begins with egress filtering at the network boundary to prevent malicious or spoofed ICMP traffic from leaving the organization and being used in amplification or reconnaissance attacks.

Common mistakes.

• B. Network ACLs are a valid complementary control but are typically applied at internal segment boundaries rather than the network perimeter, making them a secondary measure rather than the first step in reducing ICMP attack exposure.
• C. A Web Application Firewall (WAF) is designed to filter HTTP/HTTPS application-layer traffic and does not address ICMP-based attacks, which operate at the network layer (Layer 3), making it irrelevant as a first step here.
• D. An IPS is a detection and response tool that can identify ICMP-based attacks in progress, but it does not proactively prevent ICMP traffic from leaving or entering the network boundary, making it a reactive measure rather than the first step.

Concept tested. Egress filtering to mitigate ICMP-based network attacks

Reference. https://www.cisecurity.org/insights/blog/the-importance-of-egress-filtering

No community discussion yet for this question.