Which of the following includes best practices for validating perimeter firewall configurations?
Correct Answer: A
The Center for Internet Security (CIS) Controls provide prescriptive best practices for validating and securing perimeter firewalls. These controls are specifically designed to offer detailed, actionable steps that organizations can follow to ensure firewall rules are configured properly, access is restricted to least privilege, and unnecessary services are disabled. CIS benchmarks also provide specific configuration guidance for different vendors, making them highly practical for real-world implementation and validation.
MITRE ATT&CK (B) is a framework for adversary tactics, techniques, and procedures, valuable for threat modeling but not a direct standard for firewall validation. NIST CSF (C) provides a high-level framework for cybersecurity risk management but lacks specific configuration guidance for firewalls. ISO 27001 (D) defines an information security management system (ISMS) framework, focusing on governance and certification rather than hands-on configuration best practices.
Therefore, the CIS Controls and Benchmarks represent the most direct and practical resource for validating firewall configurations in line with recognized industry best practices.