Which of the following delineates why it is important to perform egress filtering and monitoring on
Internet connected security zones of interfaces on a firewall?
A.
Egress traffic is more important than ingress traffic for malware prevention
B.
To rebalance the amount of outbound traffic and inbound traffic
C.
Outbound traffic could be communicating to known botnet sources
D.
To prevent DDoS attacks originating from external network
B is just not right. You do egress filtering to make sure that insider machines are not perpetuating malware attacks. Of the answers provided, C and D are potential answers. Ideally, if there is a DDoS attack which originates from the outside, you would probably block off the ingress traffic. However, if your system has a bot on it and is requesting comms from the bad guys or is instigating an attack, then your firewall would need to stop that traffic. The clear answer is C.
1
0
Egress filtering is a network security measure that filters outgoing data using a firewall before transmitting the data to another network, preventing all unauthorized traffic from leaving the network
1
0
C is the answer on this
Outbound traffic could be communicating to known botnet sources
but NOT B
4
0
D?
0
0
WORD DEFINITION:
** Egress: the action of going out of or leaving a place.
** Ingress: the action or fact of going in or entering; the capacity or right of entrance.
TECHNICAL DEFINITION: In computer networking, EGRESS FILTERING is the practice of monitoring and potentially restricting the flow of information OUTBOUND from one network to another. Typically it is information from a private TCP/IP computer network to the Internet that is controlled.
KEYS:
** In here, the flow of traffic is OUTBOUND = Egress
** And no INBOUND = Ingress)
** It is a SECURITY measure and not a HIGH AVAILABILITY measure
So the only possible answer is C, as D deals with inbound traffic
2
0