Which two technologies will secure a data center's infrastructure from network-based threats? (Choose two.)
A next-generation firewall and an intrusion prevention system are the strongest choices for securing a data center against network-based threats. An NGFW provides application-aware policy enforcement, traffic inspection, segmentation support, and threat prevention capabilities at network control points. An IPS is designed to inspect traffic inline and block malicious packets before they reach protected systems. IDS technology is useful for monitoring and alerting, but a traditional IDS is normally passive and does not directly prevent traffic from reaching a target. A proxy can mediate certain types of traffic, especially web traffic, but it is not the broadest or most direct answer for data center infrastructure protection against network-based threats. Data centers require controls that can inspect both north-south and east-west traffic, enforce policy, and stop exploit attempts or known malicious patterns. NGFW and IPS capabilities are therefore aligned with preventive infrastructure security. Reference/topics: Network Security 3.2, NGFWs; Cybersecurity 1.5, intrusion prevention systems and firewalls.
Batch 3 --- Questions 26--40
Currently there are no comments in this discussion, be the first to comment!