ISC Updated CC Exam Questions and Answers by teddy-james

Policies are administrative controls that define acceptable behavior and organizational rules.

A firewall is a network security device designed to monitor, filter, and control incoming and outgoing traffic based on predefined security rules. Firewalls act as a barrier between trusted internal networks and untrusted external networks, such as the internet.

Firewalls can operate at multiple layers of the OSI model and may inspect packet headers, session states, and even application-level data. Modern firewalls often include advanced features such as intrusion prevention, deep packet inspection, and threat intelligence integration.

Servers and endpoints generate or consume traffic but do not filter it by default. Ethernet is a networking standard, not a device. Firewalls are a foundational security control recommended by virtually all cybersecurity frameworks, including NIST and CIS Critical Security Controls.

By enforcing traffic filtering rules, firewalls help prevent unauthorized access, reduce attack surfaces, and protect systems from threats such as malware, scanning, and exploitation.

The primary purpose of aWeb Application Firewall (WAF)is tofilter, monitor, and block malicious HTTP/HTTPS trafficdirected at web applications. A WAF operates at theapplication layer (Layer 7)of the OSI model and is specifically designed to protect web applications from common attacks such as SQL injection, cross-site scripting (XSS), command injection, and other OWASP Top 10 vulnerabilities.

Unlike traditional network firewalls, which focus on IP addresses, ports, and protocols, a WAF understands web-specific traffic patterns and inspects the content of HTTP requests and responses. This allows it to detect malicious payloads embedded in URLs, headers, cookies, and request bodies.

While some WAFs may offer limited protection against application-layer DDoS attacks, DDoS mitigation is not their primary function. Intrusion detection is typically handled by IDS/IPS solutions, and SSL certificate management is unrelated to WAF functionality.

Security frameworks such as NIST and OWASP recommend WAFs as a critical compensating control for protecting public-facing web applications, especially when secure coding fixes cannot be deployed immediately.

Carbon dioxide (CO₂) systems suppress fire without leaving residue or damaging electronic equipment. While they pose risks to people, they are effective for protecting electronics compared to water or foam.