Which of the following has been implemented when a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses?
Network segmentation refers to the practice of dividing a network into smaller, isolated segments to improve security and control the flow of network traffic. In the scenario described, the host-based firewall on the legacy Linux system is configured to allow connections only from specific internal IP addresses. This is a form of network segmentation because it restricts access to the host from specific parts of the internal network while blocking access from other segments or external sources. This helps to isolate and protect the host from potential threats and unauthorized access.
Coming back to this question.... It could also be A. I think the key word in the question is "Legacy."
A compensating control is an alternative measure implemented to mitigate the risk when a required security control cannot be implemented as specified. In the scenario described, the host-based firewall on a legacy Linux system allows connections only from specific internal IP addresses. This configuration acts as a compensating control if the ideal network segmentation cannot be implemented due to it being a legacy system.
Compensating controls are put in place to address security gaps and reduce risk in situations where the primary security control cannot be applied. Network segmentation might be the ideal solution, but if it cannot be implemented due to certain limitations or constraints like it being a legacy system, the host-based firewall with specific IP address restrictions can serve as a compensating control to achieve a similar level of security.
Compensating control because you are implementing a host-based firewall for the reason of it being a legacy Linux system.
The reason I decided not to choose network segmentation is because, based on the CompTIA Student Guide, it specifically mentions that the NOS firewall functions as a network segment, not the host-based firewall:
• Host-based firewall (or personal firewall)—implemented as a software application running on a single host designed to protect that host only. As well as enforcing packet filtering ACLs, a personal firewall can be used to allow or deny software processes from accessing the network.
• Network operating system (NOS) firewall—a software-based firewall running under a network server OS, such as Windows or Linux. The server would function as a gateway or proxy for a network segment.
B. Network segmentation.
Network segmentation is a security strategy that involves dividing a computer network into smaller subnetworks, each with its own security measures. By implementing a host-based firewall on a legacy Linux system to allow connections only from specific internal IP addresses, you are essentially segmenting the network to control and restrict access based on predefined criteria. This helps in minimizing the potential attack surface and containing any security breaches within specific segments of the network.
When a host-based firewall on a legacy Linux system allows connections from only specific internal IP addresses, the security measure implemented is:
B. Network segmentation.
Network segmentation involves dividing a network into smaller, isolated segments to enhance security. By configuring the firewall to permit connections only from specific internal IP addresses, the network is effectively segmented, restricting access to authorized hosts while isolating the system from unauthorized or external sources. This enhances security by reducing the attack surface and controlling access within the network.
Compensating controls are measures taken to address any weaknesses of existing controls or to compensate for the inability to meet specific security requirements due to various different constraints.
In this scenario they're using a compensating control by segmenting the network. The answer is literally both A and B. Based on the information that is provided in the question, there is no way to tell which of the two is the right answer.
A. Compensating control
In a legacy system where modern security practices or network segmentation may not be fully implemented, a compensating control could be used to provide additional security or restrict access. In this case, the host-based firewall rule allowing connections from specific internal IP addresses serves as a compensating control to restrict access and enhance security within the limitations of the legacy environment.