Exam SY0-501 topic 1 question 449 discussion

Sorry... Disagree with all who wrote a comment... The question clearly states "other external misconfigurations" thus eliminating all the answers that rely on configuring external devices such as routers, switches, and firewalls. The only answer left be process of elimination is A. I do not agree with the answer by any means. There are much better means by which a network can be isolated, air gap for one, but none the less, the only applicable answer is A. All the others are external devices.

it should be C A: as this is the terminal router, it's perfectly normal if the ttl is 1. the communication won't be disrrupted. B. if NAT will stop PCs from communicating with the internet, then what are we doing with our household machines everyday? D: protected ports are to avoid communications among switch ports.(https://networklessons.com/switching/protected-port-cisco-catalyst-switch)

Answer: A When the time to live (TTL) of a packet arrives at a router with a value of 1, the router subtracts 1 to obtain a TTL of 0. The router will then drop the packet. TTL is not discussed in the book.

to stop this fight please check https://www.routerfreak.com/ip-ttl-security/ Only answer that can be correct in this question is A

Terrible question. "other external configurations" limits it to A

This is another completely screwed up question by CompTIA. If they don't want to rely on external configurations, we're only left with option 'A' - but this only limits traffic out of the network. It doesn't stop traffic from reaching it. It may essentially provide the same result (i.e., no communication with the R&D network), but their question is mis-worded.

If you read this "regardless of the network firewall or other external misconfigurations" and you start eliminating the answers that rely on other devises A is the only one you wont delete...

Why bother messing about with TTL values and NATs when you can simply setup a router ACL which defines exactly how traffic should flow in and out of the network? Just simply setup a router ACL to block all inbound/outbound connections.

Not A,maybe B or C. TTL = 1 means that IP packets would be discarded at default gateway.So R&D cannot access anywhere except themselves.

A. If the TTL field reaches zero before the datagram arrives at its destination, then the datagram is discarded. https://social.technet.microsoft.com/Forums/en-US/ffffd4e3-db95-4c3b-b646-3ec9b707a529/changing-the-time-to-live-ttl-in-windows?forum=w7itpronetworking For Windows you can modify the registry value DefaultTTL using the following steps: 1. Open Registry Editor (regedit.exe). 2. Navigate to the following registry HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Services\Tcpip\Parameters. 3. In the right pane, add the following value: Name: DefaultTTL Type: REG_DWORD Valid Range: 1-255 4. After that, restart the computer and check the result.

A. TTL (Time-To-Live) A router do not forward and may discard a packet received with TTL=1. In such a case, a router may send an ICMP unreachable back to the sender. This can prevent internet traffic to the network.

I believe the correct answer is B. Remember NAT has different implementations. You guys are referring to Static NAT. Static NAT allows external hosts to contact internal hosts. Dynamic NAT, aka IP Masquerade, allows internal (private) hosts to contact external (public) hosts, but not vice versa. External hosts cannot initiate communications with internal hosts. Notice, the question does not mention that the network must not access the internet, rather it says, it must not be accessible from the internet.

Answer: C Keyword: "... accessible from the Internet" This is an inbound deny request. We need to deny inbound traffic, and the only possible way among the listed option is to implement an ACL on the router's interface. A: TTL set to 1 configures the outbound traffic one hop further from our designated router B: NAT allows accessibility to external networks and the internet. Will not deny inbound traffic D: Protected port is a switch mechanism which prevents switch ports from communicating with each other internally, here we would like to deny inbound traffic coming from the outside.

A router must decrement the TTL when forwarding the packet; but in the case of control traffic the router is the final destination / IP host, and a packet with TTL=1 is perfectly valid. (link-local)

I don't get this. I think the answer should be NAT since they don't want this network to be accessed from the internet.