CISA Certified Information Systems Auditor – Question2301

What is an initial step in creating a proper firewall policy?

A.
Assigning access to users according to the principle of least privilege
B. Determining appropriate firewall hardware and software
C. Identifying network applications such as mail, web, or FTP servers
D. Configuring firewall access rules

Correct Answer: C

Explanation:

Explanation:
Identifying network applications such as mail, web, or FTP servers to be externally accessed is an initial step in creating a proper firewall policy.