Certified Information Systems Auditor (CISA) — Question 717
When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:
Answer options
- A. the organization's web server.
- B. the demilitarized zone (DMZ).
- C. the Internet.
- D. the organization's network.
Correct answer: D
Explanation
The best recommendation is to position the IDS between the firewall and the organization's network because it allows for monitoring and detecting attacks that may bypass the firewall. Options A, B, and C do not provide the same level of protection for the internal network as placing the IDS directly in line with it.