Your network currently has a dedicated firewall protecting access to a web server. It is currently configured with the following two rules in the ACL along with an implicit allow rule at the end:
PERMIT TCP ANY ANY 443
PERMIT TCP ANY ANY 80
A. Add the following rule to the firewall: DENY TCP ALL ALL 53.
B. Add the following rule to the firewall: DENY UDP ALL ALL 53.
C. Add the following rule to the firewall: DENY TCP ALL ALL 25.
D. Add the following rule to the firewall: DENY IP ALL ALL 53.
E. Change the implicit allow rule to implicit deny.
Answer: D & E
PERMIT TCP ANY ANY 443
PERMIT TCP ANY ANY 80
You have detected DNS requests and zone transfer requests coming through the firewall and you need to block them. Which of the following would meet this goal? (Select TWO. Each answer is a full solution)
A. Add the following rule to the firewall: DENY TCP ALL ALL 53.
B. Add the following rule to the firewall: DENY UDP ALL ALL 53.
C. Add the following rule to the firewall: DENY TCP ALL ALL 25.
D. Add the following rule to the firewall: DENY IP ALL ALL 53.
E. Change the implicit allow rule to implicit deny.
Answer: D & E
Learn More :
Cyber Security Chapter 3
- Which of the following operates on the HIGHEST layer of the OSI model, and is the most effective at blocking application attacks?
- Network administrators connect to a legacy server using Telnet. They want to secure these transmissions using encryption at a lower layer of the OSI model. What could they use?
- Your organization hosts a web server and wants to increase its security. You need to separate all web-facing traffic from internal network traffic. Which of the following provides the BEST solution?
- Your organization wants to combine some of the security controls used on the network. What could your organization implement to meet this goal?
- Your organization wants to prevent users from accessing file sharing web sites. Which of the following choices will meet this need?
- Your organization frequently has guests visiting in various conference rooms throughout the building. These guests need access to the Internet via wall jacks, but should not be able to access internal network resources. Employees need access to both the internal network and the Internet. What would BEST meet this need?
- A network technician incorrectly wired switch connections in your organization's network. It effectively disabled the switch as though it was a victim of a denial-of-service attack. What should be done to prevent this in the future?
- Your organization is increasing security and wants to prevent attackers from mapping out the IP addresses used on your internal network. Which of the following choices is the BEST option?
- You need to reboot your DNS server. Of the following choices, which type of server are you MOST likely to reboot?
- You need to divide a single Class B IP address range into several ranges. What would you do?
- Lisa wants to manage and monitor the switches and routers in her network. Which of the following protocols would she use?
- You need to enable the use of NetBIOS through a firewall. Which ports should you open?
- You need to prevent the use of TFTP through your firewall. Which port would you block?
- You recently learned that a network router has TCP ports 22 and 80 open, but the organization's security policy mandates that these should not be accessible. What should you do?
- Your organization is planning to establish a secure link between one of your mail servers and a business partner's mail server. The connection will use the Internet. What protocol is the BEST choice?
- You need to send several large files containing proprietary data to a business partner. Which of the following is the BEST choice for this task?
- You are configuring a host-based firewall so that it will allow SFTP(Secure file transfer protocol)connections. Which of the following is required?
- What is the default port for SSH(Secure shell)?
- What protocol does IPv6 use for hardware address resolution?