A customer cannot access a company’s secure website. The company’s network security is reviewing the firewall for the server and finds the following output:
Which of the following changes should be made to allow all customers to access the company’s secure website?
A. Allow any any 10.5.0.10 443
B. Allow any any 12.73.15.5 443
C. Allow 10.5.0.10 443 any any
D. Allow 10.5.0.10 any 10.5.0.10 30
Exam N10-008: CompTIA Network+Free dumps for N10-008 in PDF format.High quality N10-008 PDF and software. VALID exam to help you pass. |
 |
I think this is how the firewall should be configured.
Time———Action———- -Src IP—————Scr Port—–Dst IP——Dst Port
—————Allow———-all customers(Any)—–Any—–10.5.0.10—–443
So, the right option is A.
Now, on the firewall config table, option C ——> “10.5.0.10 443 any any” will look like this.
Time———–Action——-Src IP———Scr Port—–Dst IP——-Dst Port
——————Allow——–10.5.0.10—–443———Any———–Any
Note!! 10.5.0.10 is NOT a source IP address. It is the IP address of the ”company’s secure website” (Dst IP).
So, option C is INCORRECT
A. Allow any any 10.5.0.10 443
C is the correct answer. See the secure word in the question.
The statement shouldn’t start with any any, C is correct
First entry in log specifies only a CERTAIN IP can access the unsecured website (port 80).
Subsequent log entries specify all others are DENIED to the secure website (port 443) + implicit deny.
Then the question goes off the rail and asks about letting EVERYONE on the internet access the secure website.
They didn’t let everyone access the unsecured website, that’s a little confusing… but OK… we’ll just answer the Q!
A is the correct answer… allow ANY IP and ANY PORT from the internet to access the specific website of 10.5.0.10 port 443.
C indicates the website can connect OUT to anything on the internet. Certainly not what the Q asks for.
The correct answer is A. Look at the log. The first thing list is the source IP address. The last two are the destination IP address and port.
C is the correct answer. A Permit IP any any statement will allow all IP traffic to flow across the interface
The answer is A.
Isn’t it supposed to be A. Allow any any 10.5.0.10 443 ?