CompTIA Security+ (SY0-501) — Question 970

Which of the following delineates why it is important to perform egress filtering and monitoring on Internet connected security zones of interfaces on a firewall?

Answer options

• A. Egress traffic is more important than ingress traffic for malware prevention
• B. To rebalance the amount of outbound traffic and inbound traffic
• C. Outbound traffic could be communicating to known botnet sources
• D. To prevent DDoS attacks originating from external network

Correct answer: C

Explanation

The correct answer, C, highlights that egress filtering is essential to identify and block outbound traffic that may be communicating with known botnets, which can compromise the network. Options A and B are incorrect because they do not accurately reflect the primary concern of egress filtering, while D is misleading as it focuses on DDoS attacks originating from external sources rather than the protection against outbound threats.