NETSEC-GENERALIST · Question #68
NETSEC-GENERALIST Question #68: Real Exam Question with Answer & Explanation
The correct answer is A: Dynamic Address Groups. A Dynamic Address Group (DAG) is a firewall feature that automatically updates firewall rules based on changing attributes of devices, servers, or endpoints. This allows engineers to simplify rule creation and ensure policies remain up-to-date without manual intervention. Why Dyn
Question
Which firewall attribute can an engineer use to simplify rule creation and automatically adapt to changes in server roles or security posture based on log events?
Options
- ADynamic Address Groups
- BDynamic User Groups
- CPredefined IP addresses
- DAddress objects
Explanation
A Dynamic Address Group (DAG) is a firewall feature that automatically updates firewall rules based on changing attributes of devices, servers, or endpoints. This allows engineers to simplify rule creation and ensure policies remain up-to-date without manual intervention. Why Dynamic Address Groups? Automatically Adapts to Changes DAGs use log events, tags, and attributes to dynamically update firewall rules. If a server role changes (e.g., a web server becomes an application server), it is automatically placed in the correct security rule without requiring manual updates. Simplifies Rule Creation Instead of manually defining static IP addresses, engineers use logical groupings based on metadata, such as VM tags, cloud attributes, or user roles. Ensures policies remain accurate even when IP addresses or security postures change.
Topics
Community Discussion
No community discussion yet for this question.