SY0-701 Question #240: Real Exam Question with Answer & Explanation

Question

A company tested and validated the effectiveness of network security appliances within the corporate network. The IDS detected a high rate of SQL injection attacks against the company's servers, and the company's perimeter firewall is at capacity. Which of the following would be the best action to maintain security and reduce the traffic to the perimeter firewall?

Options

• ASet the appliance to IPS mode and place it in front of the company firewall.
• BConvert the firewall to a WAF and use IPSec tunnels to increase throughput.
• CSet the firewall to fail open if it is overloaded with traffic and send alerts to the SIEM.
• DConfigure the firewall to perform deep packet inspection and monitor TLS traffic.

Explanation

Given the scenario where an Intrusion Detection System (IDS) has detected a high rate of SQL injection attacks and the perimeter firewall is at capacity, the best action would be to set the appliance to Intrusion Prevention System (IPS) mode and place it in front of the company firewall. This approach has several benefits: Intrusion Prevention System (IPS): Unlike IDS, which only detects and alerts on malicious activity, IPS can actively block and prevent those activities. Placing an IPS in front of the firewall means it can filter out malicious traffic before it reaches the firewall, reducing the load on the firewall and enhancing overall security. Reducing Traffic Load: By blocking SQL injection attacks and other malicious traffic before it reaches the firewall, the IPS helps maintain the firewall's performance and prevents it from becoming a bottleneck. Enhanced Security: The IPS provides an additional layer of defense, identifying and mitigating threats in real-time.

No community discussion yet for this question.