Last Updated on April 28, 2021 by Admin
Which statement describes a typical security policy for a DMZ firewall configuration?
- Traffic that originates from the outside interface is permitted to traverse the firewall to the inside interface with few or no restrictions.
- Traffic that originates from the DMZ interface is selectively permitted to the outside interface.
- Traffic that originates from the inside interface is generally blocked entirely or very selectively permitted to the outside interface.
- Return traffic from the outside that is associated with traffic originating from the inside is permitted to traverse from the outside interface to the DMZ interface.
- Return traffic from the inside that is associated with traffic originating from the outside is permitted to traverse from the inside interface to the outside interface.
Answers Explanation & Hints:
With a three-interface firewall design that has internal, external, and DMZ connections, typical configurations include the following:
- Traffic originating from the DMZ destined for the internal network is normally blocked.
- Traffic originating from the DMZ destined for external networks is typically permitted based on what services are being used in the DMZ.
- Traffic originating from the internal network destined for the DMZ is normally inspected and allowed to return.
- Traffic originating from external networks (the public network) is typically allowed in the DMZ only for specific services.