What is the most secure policy for a firewall?
1D0-470
A. To reject all traffic unless it is explicitly permitted
B. To accept all traffic unless it is explicitly rejected
C. To enable all internal interfaces
D. To enable all external interfaces
Explanation:
Rejecting all traffic unless it is explicitly permitted makes sure that there are no open holes. If we just let any traffic through, then someone (a hacker) can exploit that situation and compromise the network.
Incorrect Answers:
B: Explicitly rejecting traffic requires knowledge of ALL potentially damaging traffic that might be sent to the firewall. No one can really know all of it, and knowing even much of it could mean putting a lot of rules in place, most likely never enough. There will always end up being one loophole that a hacker finds.
C, D: Enabling all interfaces might not be a good idea, especially if there are multiple interfaces and they are connected to segments that require protection, and there are no filters in place to sift out damaging traffic.