Ann, a security administrator, is conducting an assessment on a new firewall, which was placed at the perimeter of a network containing PII. Ann runs the following commands on a server (10.0.1.19) behind the firewall:
From her own workstation (192.168.2.45) outside the firewall, Ann then runs a port scan against the server and records the following packet capture of the port scan:
Connectivity to the server from outside the firewall worked as expected prior to executing these commands.
Which of the following can be said about the new firewall?
A. It is correctly dropping all packets destined for the server.
B. It is not blocking or filtering any traffic to the server.
C. Iptables needs to be restarted.
D. The IDS functionality of the firewall is currently disabled.
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
B.
The port is also considered open if a SYN packet (without the ACK flag) is received in response. This can be due to an extremely rare TCP feature known as a simultaneous open or split handshake connection (see https://nmap.org/misc/split-handshake.pdf).
https://nmap.org/book/man-port-scanning-techniques.html
Guys, after doing lot of research and testing I change my question to A.
Answer to A sorry.
Why?
B.
The port is also considered open if a SYN packet (without the ACK flag) is received in response. This can be due to an extremely rare TCP feature known as a simultaneous open or split handshake connection (see https://nmap.org/misc/split-handshake.pdf).
https://nmap.org/book/man-port-scanning-techniques.html
A – It also says Connectivity to the server from outside the firewall worked as expected prior to executing these commands. Wouldn’t that mean she had to turn the iptables off to see the packets at all. If this is true then that would mean the firewall was dropping the packets as expected.
This question is WEIRD. The returning packages should be [SYN, ACK] (if FW is responding all ports), RST (if FW is blocking) or even no answer. Never heard of a SYN package being answered as another SYN (without ACK).
omg, don’t believe this statement from someone going after casp+. Wow! Dude, if a port is closed, RST is the response, I learned that in Net+.
The answer is A, btw. Firewall in front of sensitive PII network is supposed to do that.
B – It the firewall isn’t blocking the traffic.
Not C – this is a firewall assessment – iptables was shut down to test the blocking capability of the firewall.
Thinking it is B:
– Not A because packets are still going back and forth from Ann and the server. These should be blocked by the firewall which is in-between the two.
– Not C because iptables would need to be restarted on the server, however the questions says Ann is assessing the new firewall
C?