Certified Information Systems Auditor (CISA) — Question 1124
In order for a firewall to effectively protect a network against external attacks, what fundamental practice must be followed?
Answer options
- A. Only essential external services should be permitted.
- B. The firewall must be placed in the demilitarized zone (DMZ).
- C. Filters for external information must be defined.
- D. All external communication must be via the firewall.
Correct answer: D
Explanation
The correct answer is D because a firewall can only monitor and control traffic that actually passes through it; routing all external communication through the firewall ensures that all traffic is inspected and that potential threats can be blocked. Options A, B, and C, while important, do not guarantee that all external traffic is filtered through the firewall, so any path that bypasses it remains a gap in the network's defenses.