How do firewalls work, and what are the main types of firewalls you might encounter in a SOC environment? How do firewall logs help you during incident investigation?

Sample answer preview

Firewalls are network security devices that monitor and control incoming and outgoing traffic based on predefined security rules. They act as a barrier between trusted internal networks and untrusted external networks, deciding which traffic to allow and which to block.