GCIH Question #441: Real Exam Question with Answer & Explanation
The correct answer is B: Enable egress firewall filtering. Rogue modems create unauthorized outbound dial-up connections that bypass perimeter defenses; egress firewall filtering is the most effective preventive control against the outbound communication they enable.
Reconnaissance, Scanning, and Enumeration
Question
Out of the following, which is the most effective way to protect against rogue modems and the risk they introduce?
Options
- A. Conduct regular war dialing scans
- B. Enable egress firewall filtering
- C. Filter modem lines at the firewall
- D. Disable the Point to Point Protocol (PPP)
Explanation
Rogue modems create unauthorized outbound dial-up connections that bypass perimeter defenses; egress firewall filtering is the most effective preventive control against the outbound communication they enable.
Common mistakes.
- A. War dialing is a detection technique used to discover active modem lines by scanning phone numbers, not a preventive control that stops rogue modems from being exploited.
- C. Dial-up modem connections use the public telephone network and bypass the corporate firewall entirely, making filtering modem lines at the firewall technically infeasible in standard architectures.
- D. Disabling PPP is impractical to enforce across an enterprise and does not address the physical risk of unauthorized modem hardware being connected directly to workstations.
Concept tested. Rogue modem prevention using egress firewall filtering
Reference. https://csrc.nist.gov/publications/detail/sp/800-41/rev-1/final
Topics
#war dialing #rogue modems #egress filtering #dial-up security