Exam PCSFE topic 1 question 125 discussion

Actual exam question from Palo Alto Networks's PCSFE
Question #: 125
Topic #: 1

Which three traffic flows can protect against zero-day attacks? (Choose three.)

  • A. Outbound
  • B. North-south
  • C. Inbound
  • D. Internal
  • E. East-west
Suggested Answer: ACE

Comments

davidtolo
10 months, 3 weeks ago
I say B, C, E. Here's a brief explanation:

  • North-south traffic (B): This refers to traffic that moves between the internal network and external networks, such as the internet. Protecting this traffic flow is critical as it can prevent external threats from entering the network and block outbound communication to malicious sites.
  • Inbound traffic (C): This includes traffic coming into the network from external sources. By inspecting and securing inbound traffic, zero-day threats can be stopped before they reach internal resources.
  • East-west traffic (E): This is the traffic that moves laterally within a data center or network. Protecting east-west traffic helps prevent the spread of threats once they have entered the network, limiting the damage that zero-day attacks can cause within the internal environment.
upvoted 2 times
Doobiedoo
1 year ago
Selected Answer: ACD
Of the listed options, only inbound traffic flow inspection can directly protect against zero-day attacks. Here's why the other options are less effective:

  • Outbound: This inspects traffic leaving the network, which wouldn't necessarily catch malicious code entering from outside.
  • North-south: This refers to traffic between the internet and the internal network, which includes both inbound and outbound traffic. While inbound traffic is part of north-south flow, it's not the only component.
  • Internal: This inspects traffic within the internal network, useful for malware detection but not specifically zero-day attacks at the entry point.
  • East-west: Similar to internal traffic, this focuses on communication between devices within the network, not necessarily catching external threats.

Therefore, the most relevant option for zero-day protection is "C": Inbound. By inspecting inbound traffic, firewalls can potentially identify and block suspicious activity even if it exploits an unknown vulnerability (zero-day).
upvoted 1 times
Doobiedoo
1 year ago
I choose "Outbound", "Inbound", and "Internal" because those are terms used with the official IronSkillet object tags and security profile names. So those terms are likely more correct when considering "Palo Alto Terminology" versus using the terms "North-South" and "East-West".
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other