N10-007: CompTIA Network+ Exam Answer

A UTM is deployed on the external edge of the main corporate office

Question

A UTM is deployed on the external edge of the main corporate office.

The office connects to the WAN port of the edge router.

The edge router at the main office connects to the remote offices using GRE IPSec tunnels.

A network administrator notices that a worm that was not detected by the UTM has spread from the remote sites into the corporate network.

The UTM currently has traffic rules applied that should block the port used by the worm.

Which of the following steps would MOST likely correct this issue?

A. Move the UTM onto the LAN side of the network

B. Enable TLS inspection on the UTM

C. Enable stateful inspection on the UTM

D. Configure the UTM to deny encrypted files from being transferred.

C.

Explanations

The scenario described in the question indicates that the organization has deployed a Unified Threat Management (UTM) device on the external edge of the main corporate office. The main office is connected to the WAN port of the edge router, and the edge router connects to the remote offices using GRE IPSec tunnels. However, despite the UTM having traffic rules that should block the port used by the worm, the network administrator has noticed that the worm has spread from the remote sites into the corporate network.

To correct this issue, the MOST likely step would be to enable stateful inspection on the UTM. Stateful inspection is a type of firewall technology that keeps track of the state of network connections and data packets to detect and prevent network threats. It monitors the state of active connections, such as TCP sessions, to ensure that only legitimate traffic is allowed to pass through the firewall. This technology is commonly used in modern UTMs to provide more advanced threat detection and prevention capabilities.
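
The connection tracking described above, as an added example that is not part of the original answer page: a minimal stateful TCP filter in Python set beside a port-only (stateless) rule. The packet tuple format, the addresses, and ports 443 and 4444 are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # TCP flags: "S", "SA", "A", "R"
    inbound: bool  # True = arriving from outside, heading to the LAN

def stateless_allow(p: Packet) -> bool:
    # Port-only rule: let everything out; let in anything "from port 443".
    return (not p.inbound) or p.sport == 443

class StatefulFilter:
    """Tracks the TCP handshake per connection (FIN and timeouts omitted)."""
    def __init__(self):
        self.table = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> state

    def allow(self, p: Packet) -> bool:
        key = ((p.dst, p.dport, p.src, p.sport) if p.inbound
               else (p.src, p.sport, p.dst, p.dport))
        state = self.table.get(key)
        if "R" in p.flags:                      # reset: valid only for a known flow
            return self.table.pop(key, None) is not None
        if not p.inbound:
            if p.flags == "S":                  # LAN host opens a connection
                self.table[key] = "SYN_SENT"
                return True
            if state == "SYNACK_SEEN" and p.flags == "A":
                self.table[key] = "ESTABLISHED"
            return state is not None            # no state, no mid-stream packets
        if state == "SYN_SENT" and p.flags == "SA":
            self.table[key] = "SYNACK_SEEN"     # reply to the LAN host's own SYN
            return True
        return state == "ESTABLISHED"           # unsolicited inbound is dropped

# Constructed sample traffic (documentation addresses, not real hosts).
PACKETS = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S", False),   # handshake 1/3
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA", True),   # handshake 2/3
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "A", False),   # handshake 3/3
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "A", True),    # reply data
    Packet("198.51.100.7", 443, "10.0.0.9", 4444, "A", True),     # unsolicited
    Packet("198.51.100.7", 443, "10.0.0.9", 4444, "S", True),     # unsolicited
]

def verdicts(allow, packets=PACKETS):
    return [allow(p) for p in packets]

if __name__ == "__main__":
    print("stateless:", verdicts(stateless_allow))
    print("stateful: ", verdicts(StatefulFilter().allow))
```

The port-only rule admits the last two packets because they carry source port 443; the stateful filter drops them because no connection-table entry matches.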

With stateful inspection enabled, the UTM would be able to analyze the state of network connections and data packets passing through it. It would be able to identify and block any malicious traffic that attempts to bypass the existing traffic rules applied to the port used by the worm. This would prevent the worm from spreading from the remote sites into the corporate network.

Moving the UTM onto the LAN side of the network (option A) is not an effective solution as it would not address the root cause of the problem. Enabling TLS inspection (option B) would not be effective in detecting or blocking the worm as the traffic rules applied to the port used by the worm should have already detected and blocked it. Configuring the UTM to deny encrypted files from being transferred (option D) would not be effective in preventing the worm from spreading as it is not known whether the worm is using encrypted files to spread.