Certified Information Security Manager (CISM) — Question 587
Which of the following is the BEST method for determining whether a firewall has been configured to provide a comprehensive perimeter defense?
Answer options
- A. A port scan of the firewall from an internal source
- B. A simulated denial of service (DoS) attack against the firewall
- C. A validation of the current firewall rule set
- D. A ping test from an external source
Correct answer: C
Explanation
The correct answer is C because validating the current firewall rule set directly assesses whether the firewall's configuration is effective and comprehensive. A port scan from an internal source (A) and a ping test from an external source (D) each exercise only a single aspect of reachability and do not reveal the rule set as a whole, so neither gives a complete picture of the firewall's security posture. A simulated denial of service attack (B) could disrupt services while providing no useful insight into how the firewall is configured.