PrepAway - Latest Free Exam Questions & Answers

Which of the following is the best course of action for…

The security administrator receives a service ticket saying a host based firewall is interfering with the operation of a new application that is being tested in development. The administrator asks for clarification on which ports need to be open. The software vendor replies that it could use up to 20 ports and many customers have disabled the host based firewall. After examining the system, the administrator sees several ports that are open for database and application servers that are only used locally. The vendor continues to recommend disabling the host based firewall. Which of the following is the best course of action for the administrator to take?


A. Allow ports used by the application through the network firewall

B. Allow ports used externally through the host firewall

C. Follow the vendor recommendations and disable the host firewall

D. Allow ports used locally through the host firewall

2 Comments on “Which of the following is the best course of action for…

  1. Super_Mario says:

    My take on the situation is as follows:
    ** A new application provided by the vendor is being tested prior to deployment in a Production environment
    ** The vendor advised that (a) some 20 ports need to be open at the “network firewall” in order for the app to work
    ** Yet, even though said 20 ports are indeed opened at the network firewall, when they hit the host firewall said ports are blocked and the app does not work as a result
    ** The vendor then suggests that as well as (a) having the ports opened at the “network firewall” level, that the “host firewall” be disabled altogether so that it does not interfere with the app
    ** The vendor also says that “many customers have disabled the host based firewall”

    That on one hand. On the other hand, the security administrator was able to determine that there are “several ports that are open for database and application servers that only …can be … used locally”.
    This means that said ports are being blocked by the “host firewall”, and this is where the crux of the matter lies.

    A firewall is every bit as critical to security as an anti-virus program. Firewalls stop malware from spreading to a network and defend against hackers attempting to infiltrate a targeted system. Disabling a firewall can therefore leave a business vulnerable to abuse, allowing viruses to infect interconnected devices, and giving cybercriminals the opportunity to execute malicious code remotely.
    Disabling a firewall permits all data packets to enter and exit the network unrestricted. This includes not just expected traffic, but also malicious data — thereby putting the network at risk. This also applies to Host firewalls.
    Most user machines within the network are protected from intrusion from outside hosts by a network firewall, which limits access to these machines. However, a good security model requires the users to also “Install and configure a host based firewall”.

    In light of the above, there is no need to say that disabling a Host Firewall is not a good idea and it should not be the first course of action or answer for anyone doing a Security+ exam. After all, how is that supposed to improve security?

    With the above in mind, let’s take a look at the answers:
    A. Allow ports used by the application through the network firewall. It has been already implicitly said that the ports are already opened at the network firewall, so this answer can be discarded. The issue is not at a “network firewall” level but at a “host firewall” level.
    B. Allow ports used externally through the host firewall. This seems to be a good idea, since disabling the host firewall is not an option. What it says is that the 20 ports opened at the “network firewall” level should also be opened at a “host firewall” level.
    C. Follow the vendor recommendations and disable the host firewall. This to my mind is not an option. Any vendor that asks for network security to be compromised so that they can run their app sounds rather suspicious to me and quite frankly simply unacceptable.
    D. Allow ports used locally through the host firewall. The security administrator was already able to determine that “several ports that are open for database and application servers that only …can be …used locally.” This means that ports used locally are to all intents and purposes already allowed through the host firewall.

    So as far as I can see, C is the right answer.



