CISSP · Question #1154
What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol (ICMP) based attacks?
The correct answer is A. Implement egress filtering at the organization's network boundary.. Reducing ICMP-based attack exposure begins with egress filtering at the network boundary to prevent malicious or spoofed ICMP traffic from leaving the organization and being used in amplification or reconnaissance attacks.
Question
What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol (ICMP) based attacks?
Options
- AImplement egress filtering at the organization's network boundary.
- BImplement network access control lists (ACL).
- CImplement a web application firewall (WAF).
- DImplement an intrusion prevention system (IPS).
How the community answered
(26 responses)- A81% (21)
- B4% (1)
- C4% (1)
- D12% (3)
Why each option
Reducing ICMP-based attack exposure begins with egress filtering at the network boundary to prevent malicious or spoofed ICMP traffic from leaving the organization and being used in amplification or reconnaissance attacks.
Egress filtering at the network boundary is the first and most foundational step because it prevents internally sourced spoofed ICMP packets from leaving the network, which are commonly exploited in reflection and amplification attacks such as Smurf attacks. By controlling what ICMP traffic exits the organization, you reduce the network's participation in and exposure to these attack vectors before any deeper inspection mechanisms are needed. This boundary-level control is a prerequisite that makes subsequent controls like ACLs or IPS more effective.
Network ACLs are a valid complementary control but are typically applied at internal segment boundaries rather than the network perimeter, making them a secondary measure rather than the first step in reducing ICMP attack exposure.
A Web Application Firewall (WAF) is designed to filter HTTP/HTTPS application-layer traffic and does not address ICMP-based attacks, which operate at the network layer (Layer 3), making it irrelevant as a first step here.
An IPS is a detection and response tool that can identify ICMP-based attacks in progress, but it does not proactively prevent ICMP traffic from leaving or entering the network boundary, making it a reactive measure rather than the first step.
Concept tested: Egress filtering to mitigate ICMP-based network attacks
Source: https://www.cisecurity.org/insights/blog/the-importance-of-egress-filtering
Topics
Community Discussion
No community discussion yet for this question.