
E-mail traffic from the Internet is routed via firewall-1 to the mail gateway. Mail is routed from the
mail gateway, via firewall-2, to the mail recipients in the internal network. Other traffic is not allowed.
For example, the firewalls do not allow direct traffic from the Internet to the internal network.

The intrusion detection system (IDS) detects traffic for the internal network that did not originate
from the mail gateway. The FIRST action triggered by the IDS should be to:

A. alert the appropriate staff.

B. create an entry in the log.

C. close firewall-2.

D. close firewall-1.

Explanation:
Traffic for the internal network that did not originate from the mail gateway is a sign that firewall-1
is not functioning properly. This may have been caused by an attack from a hacker. Closing
firewall-2 is the first thing that should be done, thus preventing damage to the internal network.
After closing firewall-2, the malfunctioning of firewall-1 can be investigated. The IDS should trigger
the closing of firewall-2 either automatically or by manual intervention. Between the detection by
the IDS and a response from the system administrator, valuable time can be lost, during which a hacker
could also compromise firewall-2. An entry in the log is valuable for later analysis, but before that,
the IDS should close firewall-2. If firewall-1 has already been compromised by a hacker, it might
not be possible for the IDS to close it.
