Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
An engineer recently deployed a group of 100 web servers in a cloud environment. Per the security policy, all web-server ports except 443 should be disabled. Which of the following can be used to accomplish this task?
Not A or D.
Was not sure whether it should be B or C until I read the definition of SWGs in the official guide from CompTIA.
"An on-premises SWG is a proxy-based firewall, content filter, and intrusion detection/prevention system that mediates user access to Internet sites and services"
Except these servers are not on-premises they are all on the cloud, meaning they are IaaS and virtualized, and thus there are not hosts to base these firewalls on.
Secure Web Gateway works on OSI Layer 4, which blocks ports
https://www.ibm.com/products/secure-gateway#:~:text=The%20Secure%20Gateway%20service%20represents,server%2Dside%20and%20mutual%20authentication.
No. A secure web gateway protects users going out to the internet.
You can easily configure the host-based firewall through GPO and apply it to all machines at once.
This one asks which one is used for port blocking in WEB SERVERS.
SWG is primarily used to protect USERS from accessing or being infected by web threats.
I'll go with firewalls to explicitly allow 443.
Key factors to consider:
Network size and complexity: SWGs often suit larger, more intricate networks with diverse web traffic.
Security priorities: If granular web control and advanced threat protection are paramount, an SWG might be more suitable.
Budget and resources: SWGs typically involve additional costs and management overhead compared to host-based firewalls.
A network with 100 or more web servers would generally be considered larger and more intricate than networks with fewer servers.
The correct answer is "C." You can allow or deny specific ports using a host-based firewall. For example in Linux, "sudo ufw allow 443" would allow port 443 (https), and you can substitute with "allow" with "deny" for ports you want to deny.
C. Host-based firewall
To accomplish the task of disabling all web-server ports except 443, a host-based firewall can be used. A host-based firewall operates at the individual server level, allowing administrators to define rules and restrictions on incoming and outgoing network traffic for specific hosts. In this scenario, the host-based firewall on each of the 100 web servers can be configured to block traffic on all ports except port 443. This ensures that only traffic on port 443 (commonly used for secure HTTPS communication) is allowed, in accordance with the security policy. The other options are not directly related to the task at hand
Secure Web Gateways (SWG) provide more customized and granular control over web traffic and user activity. This includes setting policies, filtering content, and managing access. Firewalls, on the other hand, have limited control over web traffic and user activity and are mainly focused on controlling network access.
Host-based firewall (or personal firewall)—implemented as a software application running on a single host designed to protect that host only. As well as enforcing packet filtering ACLs, a personal firewall can be used to allow or deny software processes from accessing the network. SWG-A software application or gateway that filters client requests for various types of internet content (web, FTP, IM, and so on).
Secure Web Gateway (SWG) is a security solution that prevents unsecured internet traffic from entering an organization's internal network. Cloud-based proxy that enforces standards on URL filtering. I am going with B
https://www.comptia.org/blog/sase-secure-access-service-edge
To accomplish the task of disabling all web-server ports except 443, the most suitable option would be a host-based firewall. A host-based firewall can be configured to allow only specific ports, such as port 443 for secure web traffic, while blocking all other ports. This helps enforce the security policy and restrict access to the web servers. So, the correct answer is C. Host-based firewall.
While a Secure Web Gateway (SWG) can provide security features like URL filtering and malware protection, it may not be the best choice for this specific task of disabling web-server ports. SWGs are typically used for monitoring and securing web traffic, rather than controlling access to specific ports on individual servers. In this case, a host-based firewall would be more appropriate for the task at hand. Hope that clarifies things for you all.
A Secure Web Gateway (SWG) is typically used to protect the network at a perimeter level and focuses on filtering web traffic for security threats, content filtering, and enforcing security policies for outbound web traffic.
SWG is for (content filtering, malware protection, url redirection, time/resource policing) of the local network users out to the internet. NGFW is for external threats.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
YusufMadkour
Highly Voted 1 year, 7 months agoRevolutionaryAct
7 months, 2 weeks agoNICKJONRIPPER
1 year, 5 months agodaddylonglegs
6 months, 1 week agoshitgod
1 year, 4 months agoMondicles
Highly Voted 1 year, 7 months agoJustJess
Most Recent 1 month, 1 week agoOb_pk
3 months agoshaneo007
3 months agoNetworkTester1235
1 week agothea_smith
3 months, 1 week agoModiggs2004
3 months, 1 week agoImpactTek
3 months, 1 week agolockupmanjc
2 months, 1 week agoykt
3 months, 3 weeks agogetriecom
4 months ago_deleteme_
4 months, 1 week agoSaullostone
4 months, 1 week agotoluwalase022
4 months, 4 weeks agoNick5535
5 months agohapy
5 months, 2 weeks agobzona
5 months, 3 weeks agoutied
6 months, 1 week ago