A network firewall has been configured with the latest vendor security patches. What additional configuration Is needed to harden the firewall?
Options:
A.
Remove the default "Firewall Administrator account and create a shared account for firewall administrators to use.
B.
Configure the firewall to permit all traffic until additional rules are defined.
C.
Synchronize the firewall rules with the other firewalls in the environment.
D.
Disable any firewall functions that are not needed in production.
Answer:
D
Explanation:
Firewall Hardening:
Requirement 1.2 mandates that firewalls should be configured with only the necessary functionality to reduce attack surfaces. Disabling unused functions eliminates potential vulnerabilities.
Explanation of Other Options:
A:Shared accounts violate Requirement 8.1.5, which prohibits shared or generic accounts.
B:Allowing all traffic initially violates Requirement 1.2.1, which requires a restrictive firewall policy.
C:Synchronization of rules may not always be necessary, especially for firewalls with different scopes or roles.
