PrepAway - Latest Free Exam Questions & Answers

There are many firewall implementations provided by firewall manufacturers. Which of the following implementat

There are many firewall implementations provided by firewall manufacturers. Which of the following implementation utilize two packet filtering routers and a bastion host? This approach creates the most secure firewall system since it supports network and application level security while defining a separate DMZ.

A. Dual Homed firewall

B. Screened subnet firewall

C. Screened host firewall

D. Anomaly based firewall

In network security, a screened subnet firewall is a variation of the dual-homed gateway and screened host firewall. It can be used to separate components of the firewall onto separate systems, thereby achieving greater throughput and flexibility, although at some cost to simplicity. As each component system of the screened subnet firewall needs to implement only a specific task, each system is less complex to configure.

A screened subnet firewall is often used to establish a demilitarized zone (DMZ).

Below are few examples of Firewall implementations:

Screened host Firewall

Utilizing a packet filtering router and a bastion host, this approach implements a basic network layer security and application server security.

An intruder in this configuration has to penetrate two separate systems before the security of the private network can be compromised

This firewall system is configured with the bastion host connected to the private network with a packet filtering router between internet and the bastion host

Dual-homed Firewall

A firewall system that has two or more network interface, each of which is connected to a different network

In a firewall configuration, a dual homed firewall system usually acts to block or filter some or all of the traffic trying to pass between the network

A dual-homed firewall system is more restrictive form of screened-host firewall system

Demilitarize Zone (DMZ) or screened-subnet firewall

Utilizing two packet filtering routers and a bastion host

This approach creates the most secure firewall system since it supports network and application level security while defining a separate DMZ network

Typically, DMZs are configured to limit access from the internet and organizations private network.

The following were incorrect answers:

The other types of firewall mentioned in the option do not utilize two packet filtering routers and a bastion host.

The following reference(s) were/was used to create this question:

CISA review manual 2014 Page number 346


Leave a Reply