ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-701 All Questions

View all questions & answers for the SY0-701 exam
Go to Exam

Exam SY0-701 topic 1 question 172 discussion

Actual exam question from CompTIA's SY0-701
Question #: 172
Topic #: 1
[All SY0-701 Questions]

The CIRT is reviewing an incident that involved a human resources recruiter exfiltrating sensitive company data. The CIRT found that the recruiter was able to use HTTP over port 53 to upload documents to a web server. Which of the following security infrastructure devices could have identified and blocked this activity?

  • A. WAF utilizing SSL decryption
  • B. NGFW utilizing application inspection
  • C. UTM utilizing a threat feed
  • D. SD-WAN utilizing IPSec
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Shaman73 at June 6, 2024, 1:02 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dbrowndiver
Highly Voted 9 months ago
NGFW utilizing application inspection is the correct answer because it provides the necessary application-level awareness to detect and block HTTP traffic over non-standard ports, such as port 53. The NGFW's advanced inspection capabilities allow it to enforce security policies that prevent unauthorized data exfiltration, making it an essential component of modern network security infrastructure.
upvoted 6 times
...
Syl0
Highly Voted 8 months ago
WAF - Web App Firewall NGFW - Next Generation Firewall UTM - Unified Threat Management SD-WAN - Software defined Wide area network
upvoted 5 times
...
dbrowndiver
Most Recent 9 months ago
NGFW utilizing application inspection is the correct answer because it provides the capability to identify and block unauthorized applications and traffic using non-standard ports, such as HTTP traffic over port 53. Its advanced inspection capabilities make it well-suited to detect and prevent data exfiltration methods that involve protocol and port misuse.
upvoted 1 times
...
Etc_Shadow28000
10 months, 4 weeks ago
Selected Answer: B
B. NGFW utilizing application inspection A Next-Generation Firewall (NGFW) utilizing application inspection could have identified and blocked the use of HTTP over port 53. NGFWs have advanced capabilities that allow them to inspect and identify traffic based on the application layer, not just the port and protocol, enabling them to detect and prevent non-standard use of ports for malicious activities. Therefore, the correct answer is: B. NGFW utilizing application inspection
upvoted 5 times
...
Shaman73
11 months ago
Selected Answer: B
B. NGFW utilizing application inspection
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago