Securing a Web Server
teancum144
Member Posts: 229 ■■■□□□□□□□
in Security+
A company's security specialist is securing a web server that is reachable from the internet. The web server is located in the core internal corporate network. The network cannot be redesigned and the server cannot be moved. Which of the following should the security specialist implement to secure the web server?
A. Network-based IDS
B. Router with firewall rule set
C. Host-based firewall
D. Router with an IDS module
E. Network-based firewall
F. Host-based IDS
The answer is "F". However, I think this is a poorly worded question. If "F" said "Host-based IPS", then I would agree. So, given the choices, wouldn't "C" be the best choice?
A. Network-based IDS
B. Router with firewall rule set
C. Host-based firewall
D. Router with an IDS module
E. Network-based firewall
F. Host-based IDS
The answer is "F". However, I think this is a poorly worded question. If "F" said "Host-based IPS", then I would agree. So, given the choices, wouldn't "C" be the best choice?
If you like my comments or questions, you can show appreciation by clicking on the reputation badge/star icon near the lower left of my post.
Comments
-
ChooseLife Member Posts: 941 ■■■■■■■□□□G. All of the above
I think the question is not worded properly. Comes from a guy who secures web servers for living..“You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896
GetCertified4Less - discounted vouchers for certs -
paul78 Member Posts: 3,016 ■■■■■■■■■■That is a oddly worded question and answer. The question author uses the term "secure the web server" - so that should normally rule out any IDS techniques. I interpret the word "secure" as introducing a preventative control. An IDS is considered a detective control. So while an IDS is part of any defense in depth strategy - it's not a preventative control which could prevent an intrusion attempt.
Caveat though - I'm actually not familiar with Security+'s knowledge base so I do not know if there is an expectation that a candidate needs to be able to discern control types. -
astorrs Member Posts: 3,139 ■■■■■■□□□□Terrible question/answer. As paul78 said an IDS/IPS is only a detective control. If we can't have "All of the above" then I vote for:
H. Reverse proxy web application firewall