Exam SY0-601 topic 1 question 733 discussion

Actual exam question from CompTIA's SY0-601
Question #: 733
Topic #: 1

SIMULATION
-

A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.


INSTRUCTIONS
-

Click on each firewall to do the following:

1. Deny cleartext web traffic.
2. Ensure secure management protocols are used.
3. Resolve issues at the DR site.

The ruleset order cannot be modified due to outside constraints.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.








Comments

WinEH
Highly Voted 1 year, 7 months ago
FW1:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 10.0.0.1/24 > ANY > HTTPS > PERMIT
Management: ANY > ANY > SSH > PERMIT
HTTPS Inbound: ANY > 10.0.0.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY

FW2:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 10.0.1.1/24 > ANY > HTTPS > PERMIT
Management: ANY > ANY > SSH > PERMIT
HTTPS Inbound: ANY > 10.0.1.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY

FW3:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 192.168.0.1/24 > ANY > HTTPS > PERMIT
Management: ANY > ANY > SSH > PERMIT
HTTPS Inbound: ANY > 192.168.0.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY
upvoted 35 times
Email servers & web servers typically do not respond to DNS requests directly. Instead, they rely on DNS resolvers to handle DNS resolution on their behalf. They can only query DNS requests to reach other websites. So, DNS for FW1 should be: 10.0.0.1/24, ANY, DNS, permit
DNS for FW2: 10.0.1.1/24, ANY, DNS, permit
DNS for FW3: 192.168.0.1/24, ANY, DNS, permit
upvoted 6 times
...
I think the HTTP inbound rule for the 3 firewalls should be as follows:
FW1----> HTTP inbound: ANY > 10.0.0.1/24 > HTTP > DENY
FW2----> HTTP inbound: ANY > 10.0.1.1/24 > HTTP > DENY
FW3----> HTTP inbound: ANY > 192.168.0.1/24 > HTTP > DENY
upvoted 1 times
...
dax61
1 year, 7 months ago
Why is Management configured as ANY > ANY? Does it not mean anyone can SSH to the systems within the firewall? Example: for firewall 1, should it be ANY > 10.0.0.1/24 > SSH > PERMIT?
upvoted 7 times
WinEH
1 year, 7 months ago
That's a good point. I thought as long as it is SSH, any > any should be fine. It still works though. I might change the Management rule anyway to
FW1: any > 10.0.0.1/24 > SSH > Permit
FW2: any > 10.0.1.1/24 > SSH > Permit
FW3: any > 192.168.0.1/24 > SSH > Permit
upvoted 13 times
...
WinEH
1 year, 6 months ago
Say for example, I am currently working on one of the web servers and trying to connect to email server or the other web server via SSH. It will allow me to do so. As per the requirement, it still satisfies the below conditions as long as it is SSH:
1. Deny cleartext web traffic.
2. Ensure secure management protocols are used.
upvoted 5 times
...
...
...
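An added example, not part of any comment above and not the exam simulator's own logic: a small first-match evaluator run over the FW1 rules posted in this thread, comparing the ANY > ANY Management rule with the scoped version. First-match evaluation, an implicit final deny, and the sample flow addresses are assumptions.

```python
import ipaddress

def net(spec):
    # "ANY" matches every address; host-style CIDRs such as 10.0.0.1/24
    # are normalised to their network (10.0.0.0/24).
    return ipaddress.ip_network("0.0.0.0/0" if spec == "ANY" else spec, strict=False)

def parse(ruleset):
    rules = []
    for line in ruleset.strip().splitlines():
        name, rest = line.split(":", 1)
        src, dst, svc, action = [f.strip() for f in rest.split(">")]
        rules.append((name.strip(), net(src), net(dst), svc.upper(), action.upper()))
    return rules

def decide(rules, src, dst, svc):
    # Assumption: the first matching rule wins and unmatched traffic is denied.
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, rs, rd, rsvc, action in rules:
        if s in rs and d in rd and svc.upper() == rsvc:
            return action, name
    return "DENY", "implicit deny"

FW1_ANY_ANY = """
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 10.0.0.1/24 > ANY > HTTPS > PERMIT
Management: ANY > ANY > SSH > PERMIT
HTTPS Inbound: ANY > 10.0.0.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY
"""
FW1_SCOPED = FW1_ANY_ANY.replace("Management: ANY > ANY", "Management: ANY > 10.0.0.1/24")

def compare(flows):
    a, b = parse(FW1_ANY_ANY), parse(FW1_SCOPED)
    return [(f, decide(a, *f)[0], decide(b, *f)[0]) for f in flows]

# Constructed sample flows; the individual host addresses are made up.
FLOWS = [
    ("203.0.113.7", "10.0.0.10", "SSH"),     # outside admin host -> FW1 subnet
    ("10.0.0.10", "10.0.1.20", "SSH"),       # FW1 subnet -> FW2 subnet
    ("203.0.113.7", "10.0.0.10", "HTTP"),    # cleartext web, explicit deny
    ("10.0.0.10", "198.51.100.5", "HTTPS"),  # outbound browsing
    ("203.0.113.7", "10.0.0.10", "TELNET"),  # no rule, implicit deny
]

if __name__ == "__main__":
    for flow, any_any, scoped in compare(FLOWS):
        print(flow, "ANY>ANY:", any_any, "| scoped:", scoped)
```

Only the second flow changes between the two rulesets: SSH leaving the FW1 subnet toward another site is permitted by ANY > ANY and falls through to the implicit deny once the destination is scoped.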
JT4
Highly Voted 1 year, 7 months ago
Just passed the exam with a score of 800 on 10/28/23. About 90% of the questions are from here. This question is on the exam.
upvoted 19 times
meister13
1 year, 7 months ago
Good job! Were all your PBE questions the ones from here, or were some from the 501 version?
upvoted 1 times
...
...
xBrynlee
Most Recent 10 months, 4 weeks ago
I had this PBQ on the exam taken on 07/10/2024 (SEC+ 601)
upvoted 3 times
...
Coznet
1 year ago
QUESTION: FW2 connects to a MAIL server, so why do I need to permit (in/out-bound) HTTPS?
upvoted 1 times
Coznet
1 year ago
Hey mods, please approve.
upvoted 1 times
...
...
Fart2023
1 year, 1 month ago
FW1:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 10.0.0.1/24 > ANY > HTTPS > PERMIT
Management: ANY > ANY > SSH > PERMIT
HTTPS Inbound: ANY > 10.0.0.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY

FW2:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 10.0.1.1/24 > ANY > HTTPS > PERMIT
Management: ANY > ANY > SSH > PERMIT
HTTPS Inbound: ANY > 10.0.1.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY

FW3:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 192.168.0.1/24 > ANY > HTTPS > PERMIT
Management: ANY > ANY > SSH > PERMIT
HTTPS Inbound: ANY > 192.168.0.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY
upvoted 2 times
...
staticisthemix
1 year, 1 month ago
04/09/24 this question was on the exam. I have a free account so I only went up to 400 questions; barely any of those MQs showed up. I highly suggest you go over the comments and understand it to apply logic.
upvoted 1 times
...
BD69
1 year, 2 months ago
Once again, the suggested answer is so wrong, it's not even funny.
upvoted 2 times
...
reto1
1 year, 2 months ago
This was in the exam. All the questions were from 1-849. Make sure to understand the questions and the answers. Look it up and study all the details of every question. Don't just memorize it. Understand it and think how you can deploy or use it at your work or in enterprise. Exam taken on Mar 2024.
upvoted 10 times
...
maggie22
1 year, 3 months ago
Was on my exam today. My PBQ no.2
upvoted 10 times
...
Biru04
1 year, 4 months ago
Shouldn't DNS be allowed only to a particular destination? For example, Firewall 1: DNS Rule: ANY > 10.0.0.1/24 > DNS > PERMIT
upvoted 2 times
...
ArunRavilla
1 year, 4 months ago
FW1:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 10.0.0.1/24 > ANY > HTTPS > PERMIT
Management: ANY > 10.0.0.1/24 > SSH > PERMIT
HTTPS Inbound: ANY > 10.0.0.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY

FW2:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 10.0.1.1/24 > ANY > HTTPS > PERMIT
Management: ANY > 10.0.1.1/24 > SSH > PERMIT
HTTPS Inbound: ANY > 10.0.1.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY

FW3:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 192.168.0.1/24 > ANY > HTTPS > PERMIT
Management: ANY > 192.168.0.1/24 > SSH > PERMIT
HTTPS Inbound: ANY > 192.168.0.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY
upvoted 5 times
HCM1985
1 year, 1 month ago
I just think that HTTPS OUTBOUND on the DR site should be ANY > ANY, since the question states that userS (plural) are having issues connecting to websites.
upvoted 3 times
...
...
Raven1366
1 year, 4 months ago
28/01/24 just passed with 796. PBE questions 731, 733, 734, 153 were in the exam. I say 80% of questions are from here.
upvoted 6 times
...
Andrii1137
1 year, 5 months ago
This was on my exam 29.12.23
upvoted 1 times
...
fryderyk
1 year, 6 months ago
Just out of curiosity: why HTTPS inbound and outbound for email server?
upvoted 1 times
...
Rumchata556
1 year, 6 months ago
This was on my exam, 11/29/23
upvoted 3 times
...
bzona
1 year, 6 months ago
This task was on the exam. I took it on November 2, 2023. Score 786/900. ALL PBQs on the exam were from here. I got 3 PBQs and 82/83 questions total. I do not recall what I answered on this one; I went with my knowledge. Make sure to get familiar with these settings, so no matter what you get you can handle the task. I got 30-40% of the questions from this dump, and only the simple ones, the questions that sweat me up, were not in the dump. So make use of what examtopics have provided us to study well and pass the exam. Good luck!
upvoted 1 times
...
Padik
1 year, 6 months ago
This was in 11/20/2023 exam scored 774/900
upvoted 4 times
...