Certified Information Systems Security Professional (CISSP) — Question 459

What is the FIRST step in reducing the exposure of a network to Internet Control Message Protocol (ICMP) based attacks?

Answer options

• A. Implement network access control lists (ACL).
• B. Implement an intrusion prevention system (IPS).
• C. Implement a web application firewall (WAF).
• D. Implement egress filtering at the organization's network boundary.

Correct answer: A

Explanation

The correct answer is A, as implementing network access control lists (ACL) is the first line of defense against ICMP-based attacks, allowing you to specify which types of ICMP traffic are permitted. The other options, while useful for security, are not the primary step in addressing ICMP vulnerabilities specifically.