ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-501 All Questions

View all questions & answers for the SY0-501 exam
Go to Exam

Exam SY0-501 topic 1 question 105 discussion

Actual exam question from CompTIA's SY0-501
Question #: 105
Topic #: 1
[All SY0-501 Questions]

A new firewall has been places into service at an organization. However, a configuration has not been entered on the firewall. Employees on the network segment covered by the new firewall report they are unable to access the network. Which of the following steps should be completed to BEST resolve the issue?

  • A. The firewall should be configured to prevent user traffic form matching the implicit deny rule.
  • B. The firewall should be configured with access lists to allow inbound and outbound traffic.
  • C. The firewall should be configured with port security to allow traffic.
  • D. The firewall should be configured to include an explicit deny rule.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Basem at Aug. 6, 2019, 4:37 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Megaabbey
Highly Voted 5 years, 5 months ago
The Answer is A, Poor write up, though.
upvoted 10 times
Hacking4Jesus
4 years, 10 months ago
Very poor lol
upvoted 1 times
...
...
MelvinJohn
Highly Voted 5 years, 2 months ago
A is correct - after further thought "should be configured to prevent user traffic form matching the implicit deny rule" implies ACLs. It doesn't say that the implicit deny will be removed.
upvoted 8 times
...
slackbot
Most Recent 5 months, 2 weeks ago
comptia - guess what i am thinking off you should NEVER prevent users from hitting the deny all - after all, it is their for a reason ACLs might take lots of time to setup, so - guess if comptia refer to an immediate solution (temporary - A) or permanent solution (B)
upvoted 1 times
...
DW_2020
4 years, 6 months ago
setting an ACL is fine, but how would you know if you've missed specific software used by the organisation? You need a better picture of what ports and protocols need to be allowed, so its A
upvoted 3 times
...
Hanzero
4 years, 7 months ago
Jesus questions are so poorly worded. But yes A is the answer.
upvoted 2 times
...
MagicianRecon
4 years, 10 months ago
“New Firewall”, “Configuration not added”. Firewalls by default have an implicit deny. So configure to not match implicit deny which effectively also means configuring rules to allow inbound and outbound traffic. A is correct
upvoted 4 times
...
kdce
4 years, 10 months ago
A, prevent user traffic from matching the implicit deny rule.
upvoted 1 times
...
renegade_xt
4 years, 11 months ago
should be B, as an ''unconfigured firewall'' has rule of allow any any
upvoted 1 times
renegade_xt
4 years, 11 months ago
upon research unconfigured firewall has a rule of deny any any. :( still think it should be B though
upvoted 5 times
...
...
bugabum
4 years, 11 months ago
fw best practise are to setup last rule ( on the bottom) to implicitly deny. It mean deny all which is not mention in a rules above.
upvoted 1 times
...
daniel10153
5 years, 2 months ago
testtest
upvoted 1 times
...
MelvinJohn
5 years, 2 months ago
B is correct. A would in essence allow ALL traffic - wide open. B would provide access rules to allow only desired traffic.
upvoted 2 times
...
a1037040
5 years, 6 months ago
I agree w/ AnAverageUser, I pondered at this for like an hour.. Although the question is poorly worded (a trademark of CompTIA), I believe the question is pointing towards an "immediate" remedy to the current situation which is providing end users immediate access to the rest of the (internal?) organization's network. B would be like setting rules at a larger scale for the organzation connecting to an external network/the Internet.
upvoted 6 times
...
Basem
5 years, 9 months ago
I think it should be B. Since the there are many ways to prent traffic from matching the implicit deny rule. We nee to configure the inbound and outbound user traffic. Does anyone agree ?
upvoted 2 times
Ethan_SEC
5 years, 8 months ago
Agreed
upvoted 1 times
...
AnAverageUser3656
5 years, 6 months ago
B would be implying all traffic, not just the users. A should be the answer.
upvoted 14 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago