
Security Heartbeat question

On which two of the networks can the endpoints be protected from the computer with a red health status? Why do you answer that way?

I feel like it's a trick question as wouldn't all three be protected? I said A and C since B was obvious. I was wrong. I don't know why I was wrong though.

-Mike

  • It should be all of them otherwise heartbeat is a failed security application.

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA


  • So the question aims at Lateral Movement Prevention. Actually it's more complex, but easy to understand from a firewall perspective.

    So the endpoint tries to isolate itself to prevent "everything". On top of that, the firewall will prevent access to every other network.

    There is a feature called Lateral Movement Prevention. It will alert all other endpoints about the heartbeat status of all clients "within the same network broadcast". So if you connect two networks like that with different routers, the firewall cannot alert the networks on A. The traffic from B to A is on the "core router", which completely cuts the firewall out.

    The firewall can protect C, because the traffic is protected as it flows through the firewall.

    You could argue: even B is not protected, simply because the packets never reach the firewall, as the router of B will fetch everything. So even lateral movement prevention from a firewall perspective is not involved in this scenario (bad design IMHO).


  • Which is your answer? The question is: On which two of the networks can the endpoints be protected from the computer with a red health status?

    -Mike

  • Which test is this question from? I can't remember such a question in the XG training or test.
    Usually the training guide contains exactly these examples/answers.
    Unfortunately, there are often nonsensical questions in the exams that make sense in a different context in the student guide.

    To the answer: I would say from the point of view of Endpoint Protection, this protection (Lateral Movement Prevention) is there to help devices that cannot be protected by a firewall because they are in the same network. So possibly A + B.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003

  • ET80 - Sophos Firewall v18.5 - Engineer is the exam.

    Do you have an answer for the question? I've already passed the exam, so I am not looking for someone to give me an answer so I pass.

    I am curious as to why I was wrong (choosing A & C) and what and why is the correct answer so I understand.

    -Mike

  • It's B + C (I am pretty sure). Simply because there is no technique in place to protect A.


  • I contacted the Global Training team from Sophos and got the definitive answer.

    As said by , the correct answer is B and C. 

    Passing through from A to B will not register the MAC at the firewall level to alert the endpoints in A of the infected endpoint, whereas going from B to C does pass through the firewall, so the endpoints on C will be alerted.

    The person I spoke with acknowledged this question on the test could use more clarity and supporting information to make a decision and they will address that on future versions of the test.

    Thank you all for your help on this question.

    -Mike