When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:
A demilitarized zone (DMZ) is a network segment that is used to house publicly accessible services, such as web servers, email servers, and DNS servers. It is typically placed between the internal network and the external network (Internet), providing a buffer zone to protect the internal network from attacks.
In this case, placing an intrusion detection system (IDS) between the firewall and the DMZ would allow the IDS to monitor traffic for any suspicious activity that passes through the firewall but might have been missed. This would enhance the detection capabilities without overloading the firewall with all detection responsibilities.
(Option D). This placement allows the IDS to monitor all incoming and outgoing traffic that passes through the firewall, providing an additional layer of security by detecting and alerting on suspicious activities that the firewall might miss.
The BEST recommendation is to place an intrusion detection system (IDS) between the firewall and C. the Internet.
Here's the reasoning:
Placing the IDS before the firewall would allow it to detect attacks before they reach the firewall, potentially preventing them from causing damage.
Placing the IDS after the firewall would only detect attacks that managed to bypass the firewall, which is less effective.
Therefore, placing the IDS between the firewall and the Internet provides the best protection against a wide range of attacks.
If you place the IDS as a first line of defense, it will be overloaded with traffic. Use the firewall to filter incoming traffic, then use the IDS to identify intrusions. The answer is D.
Placing the IDS between the firewall and the Internet (option C) may be effective in monitoring incoming traffic from external sources, but it wouldn't provide visibility into traffic passing through the firewall and potentially targeting the DMZ. Similarly, placing the IDS between the firewall and the organization's network (option D) would focus on internal traffic but wouldn't specifically address threats targeting the DMZ. Therefore, placing the IDS between the firewall and the DMZ is the best recommendation for enhancing security and detecting attacks targeting the organization's public-facing servers.
Attack attempts that could not be recognized by the firewall will be detected if a network-based intrusion detection system is placed between the firewall and the organization’s network. A network-based intrusion detection system placed between the internet and the firewall will detect attack attempts, whether they do or do not enter the firewall.
If a network-based IDS is placed between the Internet and the firewall, it will detect all the attack attempts, whether or not they enter the firewall. If the IDS is placed between a firewall and the corporate network, it will detect those attacks that enter the firewall (it will detect intruders).
Correction - D is the correct answer. Since the firewall is unable to recognize the attack attempts, the IDS should be placed between the firewall and the organization's network so as to alert the organization about such threats.
Placing the IDS between the internet and the firewall in this case will lead to attack attempts being recognized by the IDS but allowed by the firewall.
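
A small simulation of the two sensor placements discussed in the comments above, added here as an example and not part of the original thread. The port-based firewall policy, the substring signatures and the sample packets are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    payload: str

# Constructed firewall policy: only these inbound destination ports are allowed.
ALLOWED_PORTS = {80, 443}

# Constructed IDS signatures; a substring match stands in for a real rule engine.
SIGNATURES = {"sqli": "' OR 1=1", "traversal": "../../"}

# Constructed sample traffic (documentation address ranges).
TRAFFIC = [
    Packet("192.0.2.10", 80, "GET /index.html"),            # benign
    Packet("203.0.113.7", 80, "GET /item?id=1' OR 1=1"),    # passes the port filter
    Packet("198.51.100.9", 443, "GET /../../etc/passwd"),   # passes the port filter
    Packet("203.0.113.7", 8080, "GET /../../etc/passwd"),   # dropped by the firewall
    Packet("198.51.100.9", 23, "login=admin' OR 1=1"),      # dropped by the firewall
]

def firewall_passes(pkt):
    """The firewall only looks at the destination port, not the payload."""
    return pkt.dst_port in ALLOWED_PORTS

def ids_alerts(packets):
    """Return (src, dst_port, signature) for every signature hit the sensor sees."""
    return [(p.src, p.dst_port, name)
            for p in packets
            for name, pattern in SIGNATURES.items()
            if pattern in p.payload]

def compare_placements(traffic):
    """Alerts for a sensor on the Internet side vs. the internal side of the firewall."""
    outside = ids_alerts(traffic)
    inside = ids_alerts([p for p in traffic if firewall_passes(p)])
    blocked = [a for a in outside if a not in inside]
    return {"outside": outside, "inside": inside, "blocked_at_firewall": blocked}

if __name__ == "__main__":
    for placement, alerts in compare_placements(TRAFFIC).items():
        print(placement, alerts)
```

Every alert from the internal-side sensor is an attempt the firewall let through, while the Internet-side sensor also reports attempts the firewall had already dropped.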