How To Think Like A Manager for the CISSP Exam by Ahmed Luke

Author: Ahmed, Luke
Language: eng
Format: epub, azw3
Publisher: Study Notes and Theory
Published: 2020-07-19T16:00:00+00:00


QUESTION 14

You are tasked with designing Rymar Tech's firewall architecture. The following three requirements must be met per senior management: at least two firewalls have to be deployed for two different subnets, a demilitarized zone (DMZ) is required, and a design must be created that provides the least amount of administrative overhead for security operations.

Which type of firewall deployment architecture will you choose?

A. Two-tier I

B. Two-tier II

C. Three-tier I

D. Three-tier II

Exam Strategy and Mentality

This is a straight technical question. There is no high-level aspect to it; you just have to know the technical aspects of firewall deployment architectures. Let’s look at the requirements again to see if we can narrow down the best possible choice by process of elimination.

At Least Two Firewalls

Management requires the new architecture to have “at least two firewalls”. To get this question correct, you have to know how many firewalls are used in each type of deployment. The choice names do not translate to the number of firewalls: two-tier does not mean there are two firewalls, and three-tier does not mean there are three firewalls. You cannot eliminate choices C and D right away just because they contain the word "three". If you have no idea at all, just guess, as leaving an answer blank is considered incorrect on the exam. Note that the two firewalls are to be separate, not in a high-availability configuration.

DMZ is Required

Since a DMZ is "required", it means at least three choices contain a DMZ network. If all choices contain a DMZ, then it’s a matter of looking at which of the other requirements are missing. DMZs are traditionally separated from the internal network, so even a single-firewall architecture will be able to have multiple networks. Firewalls traditionally contain multiple interfaces for segmenting multiple networks.

Least Administrative Overhead

Choice D, a three-tier II deployment, just sounds like it would be a complex design that demands the most administrative management. "Tier" is the major term to understand. Tier refers to the number of protected networks or subnets. Three-tier firewalls have three networks and two-tier firewalls have two networks [1]. Knowing the difference between the two will help you get this question correct. In this sense, both choices C and D may be eliminated.


