
CISA EXAM-Testing Concept-Firewall


Testing Concept-Firewall

Hemang Doshi

CISA, ACA,DISA,FIII

Details about this E-Book:

This book simplifies the different types of firewall that are relevant to the CISA exam. Its objective is to give CISA candidates adequate knowledge of the concept of ‘Firewall’. The Question, Answer and Explanation (QAE) items on the concepts are designed in accordance with the CISA exam pattern. This small e-book will help CISA candidates attempt questions on these concepts more confidently and correctly.

This book is written exclusively from the CISA exam perspective. Concepts have been simplified for easy reference by CISA candidates.

CMR covers the following types and implementations of firewall.

 

 

 

Types of Firewall

 

The following four types of firewall are relevant for the CISA exam.

 

 

 

Of the above firewalls, the application-level firewall is the most secure type.

 

What is bastion host?

Both the application-level firewall and the circuit-level firewall work on the concept of bastion hosting. On the Internet, a bastion host is the only host computer that a company allows to be addressed directly from the public network, and it is designed to protect the rest of the company's network from exposure. Bastion hosts are heavily fortified against attack.

 

Common characteristics of a bastion host are as follows:

- Its operating system is hardened, in the sense that only essential services are installed on it.

- The system should have all unnecessary services disabled, unneeded ports closed, unused applications removed and unnecessary administrative tools removed, i.e. vulnerabilities are removed to the extent possible.

- It is configured to require additional authentication before a user is granted access to proxy services.

- It is configured to access only specific hosts.

What is Proxy?

A proxy is a middleman. It stands between the internal and external networks and does not allow direct communication between them. Proxy technology can work at different layers of the OSI model. A proxy-based firewall that works at a lower layer (the session layer) is referred to as a circuit-level proxy. A proxy-based firewall that works at a higher layer (the application layer) is called an application-level proxy.

Types of Firewall Implementation

 

The following three types of firewall implementation are relevant for the CISA exam.

 

 

Of the above firewall implementations, the Screened-Subnet Firewall (DMZ) is the most secure type of firewall implementation.

 

 

Dual-Homed Firewall

 

Characteristics:

(i)One Packet Filtering Router

(ii)One bastion host with two NIC (Network Interface Card).

 

 

 

Screened Host Firewall

 

Characteristics:

(i)One Packet Filtering Router

(ii)One Bastion Host

 

 

Screened Subnet Firewall (Demilitarized Zone)

 

Characteristics:

(i)Two Packet Filtering Routers

(ii)One Bastion Host

 

Points to remember for the CISA exam:

(1)Of all types of firewall, the application-level firewall provides the greatest security (as it works at the application layer of the OSI model).

(2)Of all firewall implementation structures, the screened subnet firewall (DMZ) provides the greatest security (as it implements 2 packet filtering routers and 1 bastion host).

(3)In any given scenario, the most robust firewall rule configuration is ‘deny all traffic and allow specific traffic’ (as against ‘allow all traffic and deny specific traffic’).

(4)In any given scenario, a stateful inspection firewall allows traffic from outside only if it is in response to traffic from internal hosts.

(5)In any given scenario, the following are the OSI layers at which the various firewalls operate:

 

Question, Answer & Explanation on Firewall:

The QAE below deal solely with the concept of Firewall. They resemble the type and nature of questions that are actually asked in CISA exams. Candidates are advised to attempt the questions below multiple times, with more emphasis on the explanations for better understanding.

 

(1)The most robust configuration in firewall rule base is:

A. Allow all traffic and deny the specified traffic

B. Deny all traffic and allow the specified traffic

C. Dynamically decide based on traffic

D. Control traffic on the basis of discretion of network administrator.

 

Answer: A. Deny all traffic and allow the specified traffic

 

Explanation:

In any given scenario, the most robust firewall rule configuration is ‘deny all traffic and allow specific traffic’ (as against ‘allow all traffic and deny specific traffic’). This helps to block unknown traffic to critical systems and servers.

 

(2)A packet filtering firewall operates at which of the following layers of the OSI model?

A. Network layer

B. Application layer

C. Transport layer

D. Session layer

 

Answer: A. Network layer

 

Explanation:

In any given scenario, the following are the OSI layers at which the various firewalls operate:

 

(3)Which of the following would be the MOST secure firewall system implementation?

 

A. Screened-host firewall

B. Screened-subnet firewall

C. Dual-homed firewall

D. Stateful-inspection firewall

 

Answer: A. B. Screened-subnet firewall

 

Explanation:

Of all firewall implementation structures, the screened subnet firewall provides the greatest security (as it implements 2 packet filtering routers and 1 bastion host). It acts as a proxy, and direct connection between the internal network and the external network is not allowed. A screened-subnet firewall is also used as a demilitarized zone (DMZ).

The difference between a screened-subnet firewall and a screened-host firewall is that the screened-subnet firewall uses two packet filtering routers whereas the screened-host firewall uses only one packet-filtering firewall.

 

(4)Which of the following types of firewalls provide the MOST secured environment?

 

A. Stateful Inspection

B. Packet filter

C. Application gateway

D. Circuit gateway

 

Answer: C. Application gateway

 

Explanation:

Of all types of firewall, the application-level firewall provides the greatest security (as it works at the application layer of the OSI model).

The major differences between an application gateway and a circuit gateway are as follows:

(i)An application gateway works at the application layer of the OSI model and a circuit gateway works at the session layer.

(ii)An application gateway has a different proxy for each service whereas a circuit gateway has a single proxy for all services.

Therefore, an application gateway works in a more detailed (granular) way than the others.

 

 

(5)An organization wants to protect a network from Internet attack. Which of the following firewall structures would BEST ensure the protection?

 

A. Screened subnet firewall

B. Screened host firewall

C. Packet filtering router

D. Circuit-level gateway

 

Answer: A. Screened subnet firewall

 

Explanation:

Of all firewall implementation structures, the screened subnet firewall provides the greatest security (as it implements 2 packet filtering routers and 1 bastion host). It acts as a proxy, and direct connection between the internal network and the external network is not allowed. A screened-subnet firewall is also used as a demilitarized zone (DMZ).

The difference between a screened-subnet firewall and a screened-host firewall is that the screened-subnet firewall uses two packet filtering routers whereas the screened-host firewall uses only one packet-filtering firewall. Both work on the concept of bastion host and proxy.

 

(6)The firewall that allows traffic from outside only if it is in response to traffic from internal hosts, is

A. Application level gateway firewall

B. Stateful Inspection Firewall

C. Packet filtering Router

D. Circuit level gateway

 

Answer: B. Stateful Inspection Firewall

 

Explanation:

A stateful inspection firewall keeps track of each connection and ensures that an incoming message is in response to a request that went out of the organization.
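The connection tracking described above, combined with the ‘deny all traffic and allow specific traffic’ rule from question (1), as an added example that is not part of the original e-book. It is a simplified model (no timeouts, no TCP flags); the class, function and field names are hypothetical and the packets are constructed samples using documentation address ranges.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = internal host to Internet, "in" = Internet to internal host
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFirewall:
    """Default-deny filter that remembers outbound flows (simplified model)."""
    def __init__(self, outbound_ports, inbound_services=()):
        self.outbound_ports = set(outbound_ports)      # services internal hosts may reach
        self.inbound_services = set(inbound_services)  # explicitly published (host, port) pairs
        self.flows = set()                             # connection table

    def decide(self, p):
        if p.direction == "out":
            if p.dport not in self.outbound_ports:
                return "DENY"
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "ALLOW"
        # Inbound: allowed only as the mirror image of a tracked outbound flow,
        # or to a service the policy explicitly publishes.
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "ALLOW"
        if (p.dst, p.dport) in self.inbound_services:
            return "ALLOW"
        return "DENY"  # everything not specifically allowed is denied

def stateless_decide(p, outbound_ports):
    """Packet filter without state: it can only trust the source port of a 'reply'."""
    if p.direction == "out":
        return "ALLOW" if p.dport in outbound_ports else "DENY"
    return "ALLOW" if p.sport in outbound_ports else "DENY"

def demo():
    fw = StatefulFirewall(outbound_ports={443})
    request = Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443)
    reply = Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000)
    unsolicited = Packet("in", "198.51.100.7", 443, "10.0.0.5", 50001)
    return {
        "unsolicited_before": fw.decide(unsolicited),
        "request": fw.decide(request),
        "reply": fw.decide(reply),
        "unsolicited_after": fw.decide(unsolicited),
        "stateless_unsolicited": stateless_decide(unsolicited, {443}),
    }
```

The stateful filter admits only the reply that mirrors a recorded request, while the stateless filter admits any inbound packet whose source port looks like an allowed service.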

 

 

 

(7)An organization with the objective of preventing download of files through FTP (File Transfer Protocol) should configure which of the firewall types?

 

A. Stateful Inspection

B. Application gateway

C. Packet filter

D. Circuit gateway

 

Answer: B. Application gateway

 

Explanation:

An application gateway works at the application layer of the OSI model and is effective in blocking applications such as FTP and HTTPS. A circuit gateway firewall is able to prevent paths or circuits, not applications, from entering the organization’s network.

 

 

(8)An organization wants to connect a critical server to the internet. Which of the following would provide the BEST protection against hacking?

 

A. Stateful Inspection

B. A remote access server

C. Application-level gateway

D. Port scanning

 

Answer: C. Application-level gateway

 

Explanation:

Of all types of firewall, the application-level firewall provides the greatest security (as it works at the application layer of the OSI model). An application-level gateway is the best way to protect against hacking because it can define detailed rules that describe the type of user or connection that is or is not permitted. It analyzes each packet in detail at the application level of the OSI model, which means that it reviews the commands of each higher-level protocol such as HTTP, FTP etc.

 

(9)An IS auditor should be most concerned about which of the following while reviewing a firewall?

A. Properly defined security policy

B. Use of latest firewall structure with most secure algorithm.

C. The effectiveness of the firewall in enforcing the security policy.

D. Technical knowledge of users.

 

Answer: The effectiveness of the firewall in enforcing the security policy.

 

Explanation:

In the absence of an effective firewall implementation, the other factors will not be effective. The existence of a good security policy is important, but if the firewall has not been implemented so as to effectively enforce the policy, then the policy is of little value.

 

 

(10)While implementing a firewall, the most likely error to occur is:

 

A. wrong configuration of the access lists.

B. compromise of the password due to shoulder surfing.

C. inadequate user training about firewall rules.

D. inadequate anti-virus updates.

 

Answer: A. wrong configuration of the access lists.

 

Explanation:

Keeping the access list correct and current is a significant challenge and, therefore, has the greatest chance for errors at the time of the initial installation. The others are not an element in implementing a firewall.

(11)The first step in installing a Firewall in a large organization is

A. Develop Security Policy

B. Review firewall settings

C. Prepare Access Control List

D. Configure the firewall

Answer: A. Develop Security Policy

 

Explanation:

The first step is to develop a security policy; the other steps are then considered on the basis of the approved security policy.

 

(12)Which of the following is the MOST critical function of a firewall?

 

A. to act as a special router that connects different networks.

B. device for preventing authorized users from accessing the LAN.

C. device used to connect authorized users to trusted network resources.

D. proxy server to increase the speed of access to authorized users.

 

Answer: C. device used to connect authorized users to trusted network resources.

 

Explanation:

The main and critical function of a firewall is to prevent unauthorised access to servers. A firewall is a set of related programs that protects the resources of a private network from users of other networks.

 

(13)Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?

 

A. Secure Sockets Layer (SSL) has been implemented.

B. Firewall policies are updated on the basis of changing requirements.

C. Inbound traffic is blocked unless the traffic type and connections have been specifically permitted.

D. The firewall is placed on top of the commercial operating system with all installation options.

 

Answer: D. The firewall is placed on top of the commercial operating system with all installation options.

 

Explanation:

Firewall security can be compromised when all the installation options are kept open. The other choices are prudent options for better firewall security.

 

(14)An IS auditor is reviewing firewall security of the organization. Which of the following is the BEST audit procedure to determine if a firewall is configured as per security policy?

 

A. Review incident logs.

B. Review Access Control List.

C. Review the actual procedures.

D. Review the parameter settings.

 

Answer: D. Review the parameter settings.

 

Explanation:

A review of the parameter settings will provide a good basis for comparison of the actual configuration to the security policy and will provide audit evidence documentation. The other choices do not provide as strong audit evidence as choice A.
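One way to compare the actual configuration with the security policy, as described above, shown as an added example that is not part of the original e-book. The policy, the exported rule base and all field names are constructed for illustration, and rules are assumed to be evaluated first-match.

```python
# Constructed sample data: the approved policy and an exported inbound rule base.
# Field names are hypothetical; rules are assumed to be evaluated first-match.
POLICY = {"default_action": "deny", "allowed_inbound": {("tcp", 443), ("tcp", 25)}}
RULES = [
    {"id": 1, "action": "allow", "proto": "tcp", "src": "any", "dst": "192.0.2.10", "port": 443},
    {"id": 2, "action": "allow", "proto": "tcp", "src": "any", "dst": "192.0.2.20", "port": 23},
    {"id": 3, "action": "allow", "proto": "any", "src": "any", "dst": "any", "port": "any"},
    {"id": 4, "action": "deny", "proto": "any", "src": "any", "dst": "any", "port": "any"},
]

def is_catch_all(rule):
    return all(rule[k] == "any" for k in ("proto", "src", "dst", "port"))

def audit(rules, policy):
    """Return (rule_id, finding) pairs where the rule base departs from the policy."""
    findings = []
    reachable = True  # becomes False once a catch-all rule has matched everything
    for rule in rules:
        if not reachable:
            findings.append((rule["id"], "unreachable: shadowed by an earlier catch-all rule"))
            continue
        if rule["action"] == "allow":
            if is_catch_all(rule):
                findings.append((rule["id"], "allow-all contradicts the deny-by-default policy"))
            elif (rule["proto"], rule["port"]) not in policy["allowed_inbound"]:
                findings.append((rule["id"], "service %s/%s is not approved by the policy"
                                 % (rule["proto"], rule["port"])))
        if is_catch_all(rule):
            reachable = False
    # The first catch-all rule decides what happens to traffic no other rule matched.
    # With no catch-all at all, the default is implicit and device-dependent ("none").
    effective_default = next((r["action"] for r in rules if is_catch_all(r)), "none")
    if effective_default != policy["default_action"]:
        findings.append((None, "effective default action is '%s', policy requires '%s'"
                         % (effective_default, policy["default_action"])))
    configured = {(r["proto"], r["port"]) for r in rules if r["action"] == "allow"}
    for proto, port in sorted(policy["allowed_inbound"] - configured):
        findings.append((None, "policy service %s/%s has no rule" % (proto, port)))
    return findings
```

On the sample rule base the final deny-all rule is present but never reached, which is the kind of access-list misconfiguration question (10) refers to.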

(15)Which of the following concerns would be addressed by a firewall?

 

A. Unauthorized access from external network

B. Unauthorized access from internal network

C. A delay in Internet connectivity

D. A delay in system processing

 

Answer: A. Unauthorized access from outside the organization

 

Explanation:

Firewalls are meant to prevent outsiders from gaining access to an organization’s computer systems through the Internet gateway.

 

 

 



  • Author: Hemang Doshi
  • Published: 2016-07-29 20:50:08
  • Words: 1927