ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization is redesigning its on-prem network for a new three-tier app. Policy says only HTTPS can reach the web tier, the web tier initiates TCP 8443 to the app tier, and the database tier accepts MySQL only from the app tier. Which firewall deployment best enforces these rules inside the data center while avoiding extra hardware?
Deploy host-based firewalls on every server and centrally manage the rules with configuration-management tools.
Place a dedicated next-generation application firewall between each pair of tiers, adding a new appliance whenever a tier is created.
Install a stateful Layer 3/4 firewall at the network core and use VLAN sub-interfaces with access control lists to filter inter-tier traffic.
Implement a hypervisor-based distributed firewall that applies stateful policies to east-west traffic between virtual machines in each tier.
A hypervisor-based distributed firewall applies stateful rules directly to each virtual machine's network interface within the hypervisor, giving precise east-west enforcement without inserting additional physical appliances or configuring extra VLAN sub-interfaces. Because policies move with the VMs, scaling or migrating tiers does not require new hardware or recabling, keeping operations simple and cost-effective.
A core firewall with VLAN sub-interfaces forces all traffic through a single choke point and needs continual interface reconfiguration as tiers grow. Host-based firewalls offer granular control but impose significant administrative overhead on every server. Deploying separate next-generation appliances between tiers adds cost and complexity and must be repeated for each new tier, reducing scalability.
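The explanation above, worked as an added example (not part of the original practice question or of any vendor's product): a toy model of a distributed firewall that attaches the three-tier policy to VM tier tags and tracks connection state, so replies pass, reverse-direction connections do not, and a migrated VM keeps its rules. The class, VM names, host names and tier tags are constructed for illustration; ports 443 and 3306 are the standard HTTPS and MySQL ports, and 8443 comes from the question.

```python
from dataclasses import dataclass, field

# Allowed new connections: (source tier, destination tier, destination TCP port).
# "any" matches every source, including clients outside the data center.
POLICY = {("any", "web", 443), ("web", "app", 8443), ("app", "db", 3306)}

@dataclass
class DistributedFirewall:
    tier_of: dict = field(default_factory=dict)  # VM name -> tier tag
    host_of: dict = field(default_factory=dict)  # VM name -> hypervisor host
    conns: set = field(default_factory=set)      # tracked (src, sport, dst, dport)

    def place(self, vm, tier, host):
        """Register a VM, or migrate it: the tier tag travels with the VM."""
        self.tier_of[vm] = tier
        self.host_of[vm] = host

    def _allowed(self, src, dst, dport):
        # Rules are matched on tier tags, never on the host a VM runs on.
        src_tier = self.tier_of.get(src, "external")
        dst_tier = self.tier_of.get(dst)
        return ((src_tier, dst_tier, dport) in POLICY
                or ("any", dst_tier, dport) in POLICY)

    def packet(self, src, sport, dst, dport, syn=False):
        """Return True if the packet is forwarded at the VM's virtual NIC."""
        # Stateful part: either direction of a tracked flow is forwarded.
        if (src, sport, dst, dport) in self.conns:
            return True
        if (dst, dport, src, sport) in self.conns:
            return True
        # Only a connection opener (SYN) that matches policy creates state.
        if syn and self._allowed(src, dst, dport):
            self.conns.add((src, sport, dst, dport))
            return True
        return False

def demo():
    """Build the three tiers (constructed names) and return the firewall."""
    fw = DistributedFirewall()
    fw.place("web1", "web", "host-a")
    fw.place("app1", "app", "host-a")
    fw.place("db1", "db", "host-b")
    return fw
```
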
Security Concepts and Practices