I am really blown away by everybody saying it is A.
The config will tell you where and what the firewall does. Location of firewall means absolutely nothing. Physical location? I mean a firewall ALWAYS sits in front of your business network...
A firewall should protect the application against attacks from the Internet and also from the untrusted users inside the corporate network (internal hackers). Firewalls may be implemented using hardware or software platforms. The location, firewall type, and configuration is important.
The security architecture of an online application is a design that describes how various security components and controls are integrated and configured to protect the application from internal and external threats. When auditing the security architecture of an online application, an IS auditor should first review the location of the firewall within the network, as this determines how effectively the firewall can filter and monitor the traffic between different network segments and zones.
What is the purpose of reviewing configuration first when the firewall have been placed at the worng place? Of course when you audit a network security first thing you say to the the client you ask for the network topology to understand the how the devices are set up. When it comes to the MOST important I agree should be D.
ChatGPT
Reviewing firewall standards (option B) is indeed an important aspect of auditing the security architecture of an online application. Firewall standards provide guidelines and best practices for configuring, managing, and monitoring firewalls, which are critical components of network security. By reviewing firewall standards first, an IS auditor can establish a baseline understanding of the organization's firewall requirements and expectations.
When auditing the security architecture of an online application, the FIRST step for an IS auditor should be to review the firewall standards. These standards define the rules, policies, and configurations governing the firewall’s operation. By assessing compliance with established standards, the auditor can gain insights into the effectiveness of the firewall’s design and implementation.
First, you need to review the firewall configuration, then you will have to determine whether this configuration is suitable to where the firewall was placed or not.
whatever reviewing that you are doing, it is useless if you dont know what should be taken care by that device. It is very important to understand the location, the deployment and the protection that device is taking care for the organization.
Hence, location of firewall must be identified first before anything else.
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Broesweelies
Highly Voted 2 years, 2 months agokGiGa
1 year, 8 months agocisastudy567
Most Recent 1 month, 3 weeks agoPurpleParrot
7 months, 1 week agoNoKev
8 months, 3 weeks agoRS66
10 months, 1 week agoshalota2
10 months, 3 weeks agoSwallows
11 months agoa84n
1 year ago5b56aae
1 year agodan08
1 year, 2 months agoRachy
1 year, 3 months ago001Yogesh
1 year, 4 months ago001Yogesh
1 year, 4 months ago007Georgeo
2 years agoMohamedAbdelaal
2 years agoMichaelHoang
2 years, 3 months agoDavid_Hu
2 years, 4 months ago