Question 18 - ISC2 SSCP Real Exam Questions [March 2026 Update]

Q: 18

Which of the following should NOT normally be allowed through a firewall?

Options

Discussion

Parker Q. Feb 26, 2026 10:53 am

I'm going with A. SNMP just isn't meant for exposure beyond internal networks, way too much risk for device info leakage. SMTP and HTTP are common services through a firewall, SSH can be justified for legit remote admin. SNMP is the trap here, right?

Cameron Feb 23, 2026 3:17 pm

Ivy O. Feb 28, 2026 2:51 pm

C, not sure why SMTP couldn't also pose a risk but HTTP feels like the more risky one to allow by default.

PreciseSec2263 Feb 28, 2026 11:10 pm

C or D? HTTP and SSH both can be risky, especially SSH if not limited. Not 100 percent sure.

Amelia Z. Feb 20, 2026 7:30 pm

A imo, SNMP shouldn't be open to the public internet-management protocols like that are an easy target if exposed. HTTP, SMTP, SSH can all be justified for legit services. Pretty sure about this but correct me if I'm missing something.

Sam W. Feb 26, 2026 10:26 am

Nora I. Feb 20, 2026 2:38 pm

A tbh, official guide and firewall practice labs cover this scenario often.

Robin Z. Mar 3, 2026 4:07 am

Probably A here. SNMP shouldn't be exposed outside since it's mainly for internal device management, and leaving it open is a classic firewall misconfig. Easy to overlook since SMTP and HTTP are legit for mail/web, SSH is sometimes needed for remote admin. SNMP's the gotcha option. Anyone think otherwise?

Anita D. Mar 3, 2026 7:46 pm

C or A? Not totally sure. I remember reading SNMP is risky because it exposes too much info if it's open on the firewall, so probably A is the safer pick. Someone correct me if I'm missing something basic here.

Be respectful. No spam.

Correct Answer:

Explanation

Simple Network Management Protocol (SNMP) is designed for managing and monitoring devices on an internal network. Exposing SNMP to the internet presents a significant security risk, as it can reveal sensitive network configuration, device status, and performance data. Attackers can exploit this information for network reconnaissance or launch denial-of-service attacks. Best security practices dictate that SNMP traffic should be blocked at the perimeter firewall and only permitted on trusted, internal management networks.

Why Incorrect

B. SMTP: Simple Mail Transfer Protocol is essential for sending and receiving email from the internet. It is normally allowed through a firewall to a designated mail server.

C. HTTP: Hypertext Transfer Protocol is the primary protocol for web browsing. Outbound HTTP is required for users to access websites, and inbound is needed to host a public web server.

D. SSH: Secure Shell provides encrypted remote administration. While it must be carefully secured, it is often permitted through a firewall for authorized administrators to manage systems remotely.

References

1. National Institute of Standards and Technology (NIST). (2009). Guidelines on Firewalls and Firewall Policy (Special Publication 800-41 Revision 1).

Page 29

Section 4.3.2

"Service-Specific Issues": "SNMP is another protocol that organizations should usually block at their firewalls. SNMP is used to remotely manage network devices. Attackers can use SNMP to gain extensive information on a network’s configuration... Because of these risks

organizations should block SNMP at their firewalls."

2. Stallings

& Brown

L. (2018). Computer Security: Principles and Practice (4th ed.). Pearson.

Chapter 21

"Firewalls and Intrusion Prevention Systems

" Section 21.2

"Firewall Characteristics": This section discusses firewall filtering policies. It emphasizes that services intended only for local use

such as SNMP

should not be exposed externally. The principle is to deny all traffic by default and only permit services that are explicitly required for business with the external world.

3. Carnegie Mellon University

Software Engineering Institute. (2002). State of the Practice of Firewall Deployment and Management (CMU/SEI-2002-TN-013).

Page 16

Section 3.2.2

"Filtering Rules": The document advises filtering protocols that provide information about the internal network to outsiders. It lists SNMP as a protocol that is "often filtered" at the firewall boundary due to the valuable network information it can provide to an attacker.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE