Certified Information Systems Security Professional (CISSP) — Question 70
Information security practitioners are in the midst of implementing a new firewall. Which of the following failure methods would BEST prioritize security in the event of failure?
Answer options
- A. Failover
- B. Fail-Closed
- C. Fail-Safe
- D. Fail-Open
Correct answer: B
Explanation
The correct answer is Fail-Closed because it ensures that in the event of a failure, the firewall will block all traffic, thereby maintaining security. On the other hand, Fail-Open allows traffic to flow freely, which could expose the network to vulnerabilities, while Failover and Fail-Safe do not prioritize security as effectively in this context.