Detective & Preventive Controls
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Information Systems Security Professional premium course — no separate purchase.
Included in this chapter:
- Detective vs. preventive: the one frame for every device
- Firewalls: climbing the OSI stack
- IDS, IPS, and the listing controls
- Sandboxing, honeypots, MSSPs, and ML/AI tools
- Exam-pattern recognition
Firewall generations: inspection depth and OSI layer
| Firewall type | OSI layer inspected | What it examines | Stateful? | Primary use |
|---|---|---|---|---|
| Packet-filtering | Layer 3–4 (network/transport) | Source/dest IP, port, protocol flags in each packet header | No (stateless) | Fast, coarse perimeter ACLs; cannot validate session context |
| Stateful inspection | Layer 3–4 + connection state | Headers plus a state table of active connections | Yes | Default modern perimeter; permits only return traffic for known sessions |
| Application proxy / gateway | Layer 7 (application) | Full payload of a specific protocol; terminates and re-originates the connection | Yes | Deep per-protocol inspection and internal-host hiding; slower |
| Next-generation (NGFW) | Layer 3–7 + identity | Stateful inspection plus application awareness, integrated IPS, user identity | Yes | Consolidated app-aware policy with built-in intrusion prevention |
| Web application firewall (WAF) | Layer 7 (HTTP/HTTPS only) | HTTP requests/responses for app-attack patterns | Yes (HTTP session) | Protects a web application from SQL injection, XSS, and similar |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.