Which of the following delineates why it is important to perform egress filtering and monitoring on Internet-connected security zones of interfaces on a firewall?
The correct answer is C - Outbound traffic could be communicating to known botnet sources.
Egress filtering and monitoring on Internet-connected security zones of interfaces on a firewall is essential to ensure the security of the network. The process involves examining and controlling outbound traffic that passes through a network security device, such as a firewall or router.
The primary reason for performing egress filtering and monitoring is to prevent data breaches and protect against malicious activities originating from within the network. An attacker who has gained access to the network may use it to communicate with command-and-control servers or botnets outside of the network, sending out sensitive information and exfiltrating data.
Therefore, egress filtering and monitoring help to identify and block any unauthorized communication that could lead to data loss or theft. They also help to detect any outbound traffic that is suspicious or non-compliant with network policies, indicating a potential security threat.
In contrast, option A, stating that egress traffic is more important than ingress traffic for malware prevention, is not accurate. Both inbound and outbound traffic must be inspected and monitored to prevent malware and other security threats.
Option B, to rebalance the amount of outbound traffic and inbound traffic, is not a valid reason for egress filtering and monitoring. The amount of inbound and outbound traffic does not affect network security.
Option D, to prevent DDoS attacks originating from external networks, is also not entirely accurate. Egress filtering and monitoring can help prevent compromised devices within the network from participating in DDoS attacks, but it does not prevent DDoS attacks originating from external networks. To prevent such attacks, network administrators must implement specific DDoS mitigation measures.
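The egress check described above (outbound flows matched against known botnet destinations and against the network's egress policy), as an added example that is not part of the original page. The log format, the address ranges (documentation ranges), the botnet feed and the allowed-port policy are all constructed assumptions.

```python
import ipaddress

# Constructed sample data: external addresses use documentation ranges (RFC 5737).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
BOTNET_FEED = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.77/32")]
# Assumed policy: only these (protocol, destination port) pairs may leave the zone.
ALLOWED_EGRESS = {("tcp", 443), ("tcp", 80), ("udp", 53), ("udp", 123)}

# Constructed log lines in a hypothetical "src dst proto dport bytes" format.
SAMPLE_LOG = """\
10.1.4.20 192.0.2.10 tcp 443 5120
10.1.4.31 203.0.113.45 tcp 443 880
10.1.7.9 192.0.2.99 tcp 6667 300
10.1.4.31 198.51.100.77 udp 53 64
192.0.2.10 10.1.4.20 tcp 443 9000
not a flow record
"""

def parse_flow(line):
    """Return (src, dst, proto, dport), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                parts[2].lower(), int(parts[3]))
    except ValueError:
        return None

def classify(flow):
    """Verdict for one flow: 'skip', 'block-botnet', 'block-policy' or 'allow'."""
    src, dst, proto, dport = flow
    # Egress only: an internal source talking to a non-internal destination.
    if src not in INTERNAL_NET or dst in INTERNAL_NET:
        return "skip"
    if any(dst in net for net in BOTNET_FEED):
        return "block-botnet"   # a listed destination is blocked even on an allowed port
    if (proto, dport) not in ALLOWED_EGRESS:
        return "block-policy"   # non-compliant with the egress policy
    return "allow"

def review(log_text):
    """Return (verdict, src, dst, proto, dport) for every parseable egress flow."""
    flows = (parse_flow(line) for line in log_text.splitlines())
    verdicts = ((classify(f), f) for f in flows if f is not None)
    return [(v, str(f[0]), str(f[1]), f[2], f[3]) for v, f in verdicts if v != "skip"]

if __name__ == "__main__":
    print(*review(SAMPLE_LOG), sep="\n")
```

The second and fourth flows use permitted ports (443 and 53) yet are still flagged, which is why a port-only egress policy is not enough to catch botnet communication.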