A security administrator is configuring a new web application firewall (WAF) to protect a critical web server. The administrator's primary goal is to prevent any potential security breach, even if the WAF itself malfunctions or loses power. Which failure mode should be configured to ensure the server remains protected by blocking all traffic in the event of a WAF failure?
Fail-closed is a security posture that ensures when a device encounters a failure, it will default to a state that blocks all traffic, reducing the risk of unauthorized access during the downtime. On the other hand, a fail-open configuration would allow all traffic through, which could be risky as it might permit unsecured or malicious traffic.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the main advantages of a fail-closed configuration?
Open an interactive chat with Bash
How does a fail-closed configuration differ from fail-open?
Open an interactive chat with Bash
In what scenarios would a fail-open configuration be preferred over fail-closed?