CompTIA Security Plus Mock Test Q190

It is MOST important to make sure that the firewall is configured to do which of the following?

A. Alert management of a possible intrusion.
B. Deny all traffic and only permit by exception.
C. Deny all traffic based on known signatures.
D. Alert the administrator of a possible intrusion.

Correct Answer: B
Section: Network Security

Explanation:
Firewalls manage traffic using filters, where a filter is just a rule or set of rules. A recommended guideline for firewall rules is “deny by default; allow by exception”.

Incorrect Answers:
A: This answer refers to intrusion detection.
C: This answer refers to a signature-based IDS.
D: This answer refers to intrusion detection.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 6, 23
https://en.wikipedia.org/wiki/Intrusion_detection_system