CISA Certified Information Systems Auditor – Question3016 - CISA Certified Information Systems Auditor

Assuming this diagram represents an internal facility and the organization is implementing a firewall protection program, where should firewalls be installed?

A. No firewalls are needed
B. Op-3 location only
C. MIS (Global) and NAT2
D. SMTP Gateway and op-3

Correct Answer: D

Explanation:

Explanation:
The objective of a firewall is to protect a trusted network from an untrusted network; therefore, locations needing firewall implementations would be at the existence of the external connections. All other answers are incomplete or represent internal connections.