After a recent security incident, a security analyst discovered that unnecessary ports were open on a firewall policy for a web server. Which of the following firewall polices would be MOST secure for a web server? A. B. C. D.
Option C allows any insecure port, which is not the best configuration for securing a web server.
The correct answer is option D:
[Source Destination Port Action]
Any Any TCP 80 Allow
Any Any TCP 443 Allow
Any Any Any Deny
Explanation:
Option D: This policy allows access only to TCP ports 80 (HTTP) and 443 (HTTPS), which are the standard ports for web communication and are considered secure. All other traffic is denied, providing a more secure configuration for a web server.
Option D is the most secure firewall policy for a web server because it restricts access to only the necessary and secure ports (80 and 443) while denying all other traffic that could potentially be insecure or unnecessary for web server operations.
Also worth to mention that port 80 open does not mean all data is leaked.
It is a common practice to leave it open to allow for a redirect from 80 to 443.
This one was not in my exam but one very similar. It asked to allow web server, sftp, DHCP but specifically block FTP. The answer was the one with port 21 blocked.
if you have a web server you configure your nginx to run in port 443 and handle request in port 80
any other ports should be blocked to protect your server not the application
where ever you see "any - any - deny" or deny all as the last policy at the bottom, that is the most secure firewall policy configuration. It's a clean up rule.
Wrote the exams yesterday and passed. Please pay attention to these PBQs. they were all on the exams. Funny I wasnt paying must attention to them till about three hours before my exams. Anyway I passed with 785 score... I will say give these questions 90% of your attention and look for the 10% from other sources...
This section is not available anymore. Please use the main Exam Page.SY0-601 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
stoneface
Highly Voted 2 years, 11 months agoProtract8593
2 years agobanditring
2 years, 11 months agoGigi42
1 year, 1 month agojgp
2 years, 10 months agofryderyk
1 year, 7 months agoSmeevil
2 years, 10 months agochael88
Highly Voted 2 years, 10 months agoroukettas
Most Recent 1 year agoPele9
1 year, 1 month agoDriftandLuna
2 years agoTariktarek2016
2 years, 3 months agoscarceanimal
2 years, 5 months agoSecurityArt
2 years, 8 months agoIphy23
2 years, 9 months agoinkedia3
2 years, 10 months agocomeragh
2 years, 10 months ago