How To Think Like A Manager for the CISSP Exam by Ahmed Luke
Author:Ahmed, Luke [Ahmed, Luke]
Language: eng
Format: epub, azw3
Publisher: Study Notes and Theory
Published: 2020-07-19T16:00:00+00:00
QUESTION 14
You are tasked with designing Rymar Tech's firewall architecture. The following three requirements must be met per senior management: at least two firewalls have to be deployed for two different subnets, a demilitarized zone (DMZ) is required, and a design must be created that provides the least amount of administrative overhead for security operations.
Which type of firewall deployment architecture will you choose?
A. Two-tier I
B. Two-tier II
C. Three-tier I
D. Three-tier II
Exam Strategy and Mentality
This is a straight technical question. There is not a high-level aspect to it, you just have to know the technical aspects of firewall deployment architectures. Let’s take a look at the requirements again to see if we can narrow the best possible choice by process of elimination.
At Least Two Firewalls
Management requires the new architecture to have “at least two firewalls”. To get this question correct, you have to know how many firewalls are utilized in each type of deployment. The choices do not translate to the number of firewalls, as in two-tier does not mean there are two firewalls and three-tier does not mean there are three firewalls. You cannot eliminate choice C and D right away just because it has the word "three". If you have no idea at all, just guess, as leaving an answer blank is considered incorrect on the exam. Note that the two firewalls are to be separate, not in high-availability.
DMZ is Required
Since a DMZ is "required", it means at least three choices contain a DMZ network. If all choices contain a DMZ, then it’s a matter of looking at which of the other requirements are missing. DMZs are traditionally separated from the internal network, so even a single firewall architecture will be able to have multiple networks. Firewalls traditionally contain multiple interfaces for segmenting multiple networks.
Least Administrative Overhead
Choice D, a three-tier II deployment just sounds like it would be a complex design and deserving of the most commitment of administrative management. "Tier" is the major term to understand. Tier refers to the number of protected networks or subnets. Three-tier firewalls have three networks and two-tier firewalls have two networks 1 . Knowing the difference between the two will help you get this question correct. In this sense, both choices C and D may be eliminated.
Download
How To Think Like A Manager for the CISSP Exam by Ahmed Luke.azw3
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
TCP IP by Todd Lammle(2633)
MCSA Windows Server 2016 Study Guide: Exam 70-740 by William Panek(2309)
Networking A Beginner's Guide by Bruce Hallberg(1932)
The KCNA Book by Nigel Poulton(1926)
Red Hat Certified Specialist in Services Management and Automation EX358 Exam Guide by Eric McLeroy(1868)
31 Days Before Your CompTIA A+ Exams (Shanette Luellen's Library) by Benjamin Patrick Conry(1661)
MCSA Windows Server 2016 Study Guide: Exam 70-741 by William Panek(1477)
Unity Certified Programmer: Exam Guide by Philip Walker(1477)
PHP 7 Zend Certification Study Guide by Andrew Beak(1450)
Healthcare Information Security and Privacy (All-In-One) by Sean Murphy(1368)
CompTIA A+ Certification Guide (220-901 and 220-902) by Matthew Bennett(1337)
RHCSA & RHCE Red Hat Enterprise Linux 7: Training and Exam Preparation Guide (EX200 and EX300), Third Edition by Asghar Ghori(1302)
Essential Office 2016 by Wilson Kevin(1252)
Mobile Computing Deployment and Management by Robert J. Bartz(1252)
Microsoft Security, Compliance, and Identity Fundamentals Exam Ref SC-900 by Dwayne Natwick(1250)
Designing and Implementing Microsoft Azure Networking Solutions by David Okeyode(1244)
Essential Office 2016 (Computer Essentials) by Kevin Wilson(1224)
The Tao of Network Security Monitoring by Richard Bejtlich(1194)
CCNA Cisco Certified Network Associate Practice Labs and Simulations by Shwergho Smith(1144)