CISSP Question of the Day – 6-28-2016

Getting You Prepped for the CISSP Exam... One Question at a Time!

Today’s CISSP question topic: Firewalls

Which of the following are typically NOT allowed to pass outbound through a firewall that leads to the Internet? (Choose Five)

  1. HTTP
  2. FTP
  3. SNMP
  4. DNS
  5. EIGRP
  6. RADIUS
  7. OSPF
  8. SSH
  9. SMTP
  10. LDAP



Check Your Answer


  1. SNMP
  2. EIGRP
  3. RADIUS
  4. OSPF
  5. LDAP

Supporting Links:

  1. http://securityskeptic.typepad.com/the-security-skeptic/firewall-best-practices-egress-traffic-filtering.html
  2. http://www.sans.edu/research/security-laboratory/article/top-firewall-leaks

Note from Colin: Even though SSH is considered allowable in this question, you should know that allowing SSH to leave your network is a decision not to be taken lightly. Tunneling any and all traffic through SSH is a very plausible concern that can effectively negate all of your egress rules. Mitigating this is beyond the scope of ‘simple’ stateful firewalls. The SANS article listed above discusses the concerns with SSH tunneling. Give it a read if you are interested in more info.

About the Author

Colin Weaver

Colin Weaver is co-owner and lead instructor at ITdojo, Inc., a network security and information assurance training center and consulting firm located in Virginia Beach, VA. His passion for technology, networks, and security has led him to become enthralled with the idea of IPv6 and its implementation. In this blog he will share with you glimpses of what he has learned and a hint at what you’ll learn in his classes.