Which of the following should the company implement?

A company is not familiar with the risks associated with IPv6. The systems administrator wants to isolate IPv4 from IPv6 traffic between two different network segments. Which of the following should the company implement? (Select TWO)
A. Use an internal firewall to block UDP port 3544.
B. Disable network discovery protocol on all company routers.
C. Block IP protocol 41 using Layer 3 switches.
D. Disable the DHCPv6 service from all routers.
E. Drop traffic for ::/0 at the edge firewall.
F. Implement a 6in4 proxy server.


8 thoughts on “Which of the following should the company implement?”

  1. A&C

    A. UDP 3544 is Teredo tunneling IPv6 into IPv4 packets – this needs to be blocked to segregate v4 and v6.

    C. Block IP protocol number 41 at layer 3. – This is kind of a trick answer: 6in4 is protocol number 41, not to be confused with port 41. But 6in4 should also be blocked, as it also tunnels v6 in v4 packets.

  2. Change my answer to AC.
    Teredo is a generic name for communication of IPv6 to IPv4. So 6in4, 6to4, NAT64, 4over6, 6over4 are all Teredo services and use port 3544. So stopping port 3544 and protocol 41 will stop IPv6 to IPv4 in most cases.
    https://tools.ietf.org/html/rfc4380#section-2.7
    We propose here a service that enables nodes located behind one or
    more IPv4 Network Address Translations (NATs) to obtain IPv6
    connectivity by tunneling packets over UDP; we call this the Teredo service.

    Most IPv6 tunnel providers support Protocol 41, including Hurricane Electric and SixXS. 6to4, 6rd, and 6in4 are all different ways of using Protocol 41.

  3. Answer: BE (maybe) - This question sucks. Short question, but very loaded and lacking information. First, to segment a network, you need switches, routers and maybe a firewall too, or it can be software segmentation. The question didn’t specify what equipment was used. The question also didn’t specify what technology was used for bridging IPv6 to IPv4, or whether any was used at all. Lots of answers are geared toward 6in4 Teredo, so if Teredo was used, it’s a no-brainer. The answer would have to be AC, but we don’t know what technology is being used.

    A. Use an internal firewall to block UDP port 3544. (Maybe. This only stops 6in4 Teredo, but there are others such as NAT64, 4over6. UDP port 3544 used by Teredo is a transition technology that gives full IPv6 connectivity for IPv6-capable hosts that are on the IPv4 Internet.)
    B. Disable network discovery protocol on all company routers. (Maybe…closer to yes. Disabling this would stop IPv6 between routers. But where in the question did it say ‘discovery protocol’ state of the router?)
    C. Block IP protocol 41 using Layer 3 switches. (Maybe. If we know 6in4 Teredo is the only way used. Protocol 41 is ONLY used by 6in4 Teredo, there are others such as NAT64, 4over6.)
    D. Disable the DHCPv6 service from all routers. (No, IPv6 can be manually configured or assigned by other equipment such as a DHCP Server.)
    E. Drop traffic for ::/0 at the edge firewall. (Maybe. Dropping ::/0 at the edge of the network segment would stop IPv6. But this is only for the default route. The default route is used when it’s undetermined which route to use.)
    F. Implement a 6in4 proxy server. (No, 6in4 helps communication between IPv6 and IPv4.)

  4. A. Use an internal firewall to block UDP port 3544. (Teredo, which is full IPv6)
    C. Block IP protocol 41 using Layer 3 switches.

    6in4 is an IPv6 transition mechanism for migrating from Internet Protocol version 4 (IPv4) to IPv6. It is a tunneling protocol that encapsulates IPv6 packets on specially configured IPv4 links according to the specifications of RFC 4213. The IP protocol number for 6in4 is 41.

    In essence, A prevents Teredo tunneling and C blocks 6in4 tunneling.

  5. I want to say,
    A. Use an internal firewall to block UDP port 3544. (Teredo, which is full IPv6)
    B. Disable network discovery protocol on all company routers. (this will help keep IPs apart)

    but I am not 100% sure.

    1. D. Disable the DHCPv6 service from all routers. – Would disable IPv6, I don’t think that is what they are asking.

      F. Implement a 6in4 proxy server. – This is for migrating from IPv4 to IPv6. I don’t think that is what they are asking.
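
The difference between IP protocol number 41 and UDP port 3544 that the comments above turn on, shown as an added example (not part of the original page or of any commenter's post): a classifier that applies both checks to raw IPv4 packets. The function names, sample packets and documentation-range addresses are constructed for illustration, and matching port 3544 on either source or destination is an assumption of this sketch.

```python
import struct

PROTO_UDP = 17
PROTO_IPV6_ENCAP = 41   # value of the IPv4 header "protocol" field, not a port
TEREDO_PORT = 3544      # UDP port used by Teredo (RFC 4380)

def classify(pkt: bytes) -> str:
    """Return 'proto41', 'teredo', 'other' or 'malformed' for a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "malformed"
    ihl = (pkt[0] & 0x0F) * 4            # header length varies with IP options
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    proto = pkt[9]
    if proto == PROTO_IPV6_ENCAP:
        return "proto41"                 # decided by the protocol field alone
    if proto != PROTO_UDP:
        return "other"
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if frag_offset != 0:
        return "other"                   # later fragments carry no UDP header
    if len(pkt) < ihl + 4:
        return "malformed"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return "teredo" if TEREDO_PORT in (sport, dport) else "other"

def ipv4(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0, documentation addresses)."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                      0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + options + payload

def udp(sport: int, dport: int) -> bytes:
    """Build a constructed 8-byte UDP header with no payload."""
    return struct.pack("!HHHH", sport, dport, 8, 0)

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "6in4 tunnel": ipv4(41, b"\x60" + b"\x00" * 39),
    "teredo": ipv4(17, udp(51000, 3544)),
    "udp to port 41": ipv4(17, udp(51000, 41)),
    "teredo with IP options": ipv4(17, udp(3544, 51000), options=b"\x01" * 4),
    "dns": ipv4(17, udp(51000, 53)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:24} -> {classify(pkt)}")
```

The "udp to port 41" sample is the case a port-based rule would wrongly match: it is ordinary UDP and is not 6in4, which is identified only by the protocol field.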
