Comptia Security Plus Mock Test Q6

The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO’s requirements?

A. Sniffers
B. NIDS
C. Firewalls
D. Web proxies
E. Layer 2 switches

Correct Answer: C
Section: Network Security

Explanation:
The basic purpose of a firewall is to isolate one network from another.

Incorrect Answers:

A: The terms protocol analyzer and packet sniffer are interchangeable. They refer to the tools used in the process of monitoring the data that is transmitted across a network.

B: A network-based IDS (NIDS) watches network traffic in real time. It’s reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks.

D: Web proxies are used to forward HTTP requests.

E: Layer 2 switching uses the media access control address (MAC address) from the host’s network interface cards (NICs) to decide where to forward frames. Layer 2 switching is hardware based, which means switches use application-specific integrated circuit (ASICs) to build and maintain filter tables (also known as MAC address tables or CAM tables).

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 342
http://en.wikipedia.org/wiki/Intrusion_prevention_system
http://en.wikipedia.org/wiki/LAN_switching
http://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers