Exam SY0-501 topic 1 question 337 discussion

There's a timezone problem on the 3 devices, but: - 08:01.11 user1 authenticated himself correctly on the fourth attempt - 14:01.16 corporate FW allowed RDP session - 09:01.17 workstation firewall has blocked the RDP session. So the right answer: E. The host firewall workstation is not allowing remote desktop connections

A. There is nothing indicating thatnetwork latency is a problem. B. User1 actually was able to login to the VPN on his/her fourth attempt C. Even though there are different times on each device, does not seem to be the problem. They could be at different locations (?). D. Not the issue here. E. Even though the corporate firewall allowed the connection from User1 to the PC, does not mean that the workstation will allow it. And as we can see, it dropped it. Answer: E

Answer: E The User1 password was hacked by a hacker at IP address 5.5.5.5, who set up a VPN. However, the remote connect was dropped by the workstation firewall.

It's E. In Lead2pass it said "The 9:01 entry in the host firewall shows a dropped rdp connection from the remote user. "

A is the correct answer . D is wrong beocue the action=drop , if it was action=denied would be right.

It looks like E is the answer, obviously not B, because "authentication succeeded". The second to last line on the workstation firewall looks like it says (msrdp) (action=drop) Looks like the corporate firewall accepted the RDP/3389 connection but the workstation did not. Although the dates are the same, the times are not.

If E was the right answer, then why was he allowed on the 5th try and was on for an hour according to the log?

im getting an error 404 for comptia page does anyone know why:

E for sure

VPN logs: #1 8:00:33, #2 8:00:39, #1 8:00:40. All wrong passwords. System locks the acces for 30 minutes and #4 8:01:11 -success.

The right answer is E how do we get them to change it

VPN - after three attempt was successfull + Company Firewall allowed connection Local host firewall sayd Drop msrdp port to remote host. Answer is E

Answer: E

Several answers could be happened by the logs.But the question is mention of preventing user access. VPN connected. FW 3389 accepted. I choose E.

D The Central Standard Time (CST) zone is 6 hours behind Greenwich Mean Time (GMT) so the router log shows CST -6. The VPN log shows that the workstation log is 5 hours behind. The corporate firewall log is straight GMT time. If you put all of the time entries into GMT time, the sequence is: Workstation log 2015-03-25 (CST-5) at 13:00.00 GMT from 10.1.1.5 to www.hackersite111111.com is allowed. VPN log 2015-03-25 (CST-6) at 14.00.28 GMT from User1 (5.5.5.5) wrong password. VPN log 2015-03-25 (CST-6) at 14:01.11 GMT from User1 (5.5.5.5) successful login. Corporate log 2015-03-25 (CST) at 14:01.12 GMT connection to 10.1.1.5 (RDP server) is denied Corporate log 2015-03-25 (CST) at 14.01.17 GMT connection to 10.1.1.5 (RDP server) on port 3389 succeeds Workstation log 2015-03-25 (CST-5) at 14:01.17 GMT connection from User1 to RDP server is dropped VPN log 2015-03-25 (CST-6) at 15:01.35 GMT VPN server timeout - disconnected [Notice that everyday at same time User1 is connected to the hacker1111 website]

Suggested answer b seems to be wrong tricky question. Logs from different timezones (cst-6,cst-5,CST) and different dates 03-25 login 08.01.11 (14:01:11) 03-25 pings from 14:01:12-14:01:16 03-25 rdp from 5.5.5.5 to 10.1.1.5 granted by firewall (14:01:16) 03-25 rdp from 5.5.5.5 to 10.1.1.5 blocked by workstation firewall 09:01:17 (14:01:17) So Correct answer seems to be E. The workstation host firewall is not allowing remote desktop connections.

Question asks what is preventing access. The corporate firewall log (in zulu time 6 hours ahead) shows 3389 - the port number for Remote Desktop Protocol. (RDP), accepted at 14.01.16 on 2015-03-25 - and the workstation firewall log shows allowed during that same timeframe from 2015-03-25 08:00.00 until 09:01.17 when “action=drop is logged (due to idle timeout?). So E is incorrect because RDP is accepted and allowed until timeout. B is also incorrect because user not locked out - after 3 attempts the user finally succeeds at 2015-03-25 08:01.11. Time synchronization ( C ) or latency ( A) are possible. I don’t see any evidence of D being correct (malware). But the sequence would likely be first the VPN timeout threshold is exceeded, then the workstation firewall log would register the “action=drop.” But that sequence is reversed. Action=drop at 09:01.17 is logged before the VPN timeout is logged at 09:01.35. So network latency is unlikely. How could a VPN condition be logged at the workstation firewall before it even occurred? So A is likely wrong. That leaves C as only possibility.