Exam GICSP Topic 1 Question 41 Discussion

Actual exam question for GIAC's GICSP exam
Question #: 41
Topic #: 1
What is a recommended practice for configuring enforcement boundary devices in an ICS control network?

Suggested Answer: B Vote an answer

Enforcement boundary devices like firewalls play a critical role in ICS network security. A best practice is to:
Enable full packet collection for all allowed and denied traffic (B) on next-generation firewalls. This facilitates deep inspection, detailed logging, and auditing, which are vital for detecting anomalous or malicious activity.
Other options are less effective or counterproductive:
(A) Dropping inbound packets with source addresses from the protected network is generally illogical and may disrupt normal traffic.
(C) Stateless access control is less secure and less manageable than stateful inspection.
(D) Default allow egress policies increase risk by permitting unnecessary outbound traffic.
GICSP stresses detailed logging and stateful inspection as core security controls for enforcement points.
Reference:
GICSP Official Study Guide, Domain: ICS Security Operations & Incident Response NIST SP 800-82 Rev 2, Section 5.5 (Network Security and Firewalls) GICSP Training on Network Boundary Protection

by Ira at Mar 23, 2026, 05:24 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10