Systems Security Certified Practitioner (SSCP) — Question 31

In the context of network enumeration by an outside attacker and possible Distributed Denial of Service (DDoS) attacks, which of the following firewall rules is not appropriate to protect an organization's internal network?

Answer options

• A. Allow echo reply outbound
• B. Allow echo request outbound
• C. Drop echo request inbound
• D. Allow echo reply inbound

Correct answer: A

Explanation

The correct answer, A, is inappropriate because allowing outbound echo replies can give attackers information about the internal network. Options B, C, and D either manage inbound requests or allow outbound traffic that does not expose internal network details, making them more suitable for protection.