A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL: Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality?
Considering the options and the goal of reducing organizational risk while maintaining functionality, the best choice would be:
E. Firewall: The security analyst should reconfigure the firewall ACL to carefully define and restrict outbound access, particularly regarding rules that allow traffic from the internal LAN network to external destinations. This can help prevent unintended data leakage, unauthorized access, and exposure to potential threats.
The only issue here is that the firewall has "from:any" a lot in all of its ACL lines, and it needs to be reviewed again.
Regarding port 3389 in Server2, it's not an issue because implicit deny will deny any connection coming to it.
So I think it's E
Answer is B.
As an analyst, you're definitely not reconfiguring the firewall, and reconfiguring it would not maintain its "current functionality". As in, this is the way we want it set so don't change too much of it. The easiest way to maintain this is to make a rule change to PC2 because it's allowing anyone to access it.
Keyword here is "reconfigure to best reduce organizational risk while maintaining current functionality". Assuming to maintain current functionality as is of each asset, inbound connection especially for port 3389 should not be allowed or at least controlled if not fully closed. Hence, E. Firewall.
For those pointing at PC2, if they need to change this, then they would also need to update the firewall. Since it's a firewall rule, I would make the assumption that it is supposed to be there.
I would lean towards Firewall just because RDP isn't getting through, or I could see reconfiguring the Server2 to get rid of RDP. Another poorly worded question either way.
E. This one seems a bit tricky. While Server 2 does have 3389 (probably should close it) open, there does not appear to be any rules allowing access to that port. However, SQL does have a permit rule from Any and that is an issue. So I would adjust the firewall rule for that device.
A lot of them recommend firewall because we are reducing risk while "maintaining current functionality" - some devices on the LAN might need those ports open that are normally closed. Great point!
There isn't any permit rule going to that port, and in case someone attempts to connect through it, it will be denied by the implicit deny ACL at the end.
I believe B is the correct answer. Why would a PC be running as an SQL server? All the firewall rules are fine with the exception of 27, there is no reason that needs to be opened up to the world. Shutting the port down on the PC is the safest option. If someone were to gain access to the network through another channel they'd be able to exploit 1433 without having to pass the firewall.
10- Allow anyone to connect to svr1 via 80/443 depends on default.
15- Local net can connect to any DNS (DNS is 53)
16- Any to svr2 via DNS - Needs outside connection to advertise.
20- any ssl to svr1 - Generally secure, no issues
25- local net access to the outside world internet via 80/443
26- local net ssl access to outside world
27- any to connect to pc2 via 1433 - bad, shouldn't use 1433 on pc2
30- any to connect to svr1 via ssh - generally extremely secure with proper password implementation.
100 - deny anything else that doesn't meet the rules above.
I think I recant my original answer.
Mostly because "while maintaining current functionality" is holding me up. Seeing that port 1433 is open on the server and firewall, I assume that is a database server. Changing my answer to E as well.
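The first-match and implicit-deny reasoning used in the comments above, as an added example that is not part of the original thread: it cross-checks open ports from a scan against a border ACL. The ACL is reconstructed from the rule summary in the comments; the host names, the `internet`/`lan` zone labels and the scan results are constructed assumptions, since the original exhibit is not on this page.

```python
# Constructed ACL based on the rule summary in the thread (not the original exhibit).
# Each line: (rule number, action, source zone, destination host, ports); None = all ports.
ACL = [
    (10, "permit", "any", "svr1", {80, 443}),
    (15, "permit", "lan", "any", {53}),
    (16, "permit", "any", "svr2", {53}),
    (20, "permit", "any", "svr1", {443}),   # shadowed by rule 10 for port 443
    (25, "permit", "lan", "any", {80}),
    (26, "permit", "lan", "any", {443}),
    (27, "permit", "any", "pc2", {1433}),
    (30, "permit", "any", "svr1", {22}),
    (100, "deny", "any", "any", None),      # explicit catch-all deny
]

# Constructed scan results: open ports per host (assumed values).
SCAN = {"svr1": {22, 80, 443}, "svr2": {53, 3389}, "pc2": {1433}}


def first_match(src, dst, port):
    """Return (rule number, action) of the first ACL line matching the flow."""
    for rule, action, r_src, r_dst, ports in ACL:
        if r_src in ("any", src) and r_dst in ("any", dst) \
                and (ports is None or port in ports):
            return rule, action
    return None, "deny"  # implicit deny if no line matched at all


def audit(scan, src="internet"):
    """Split open ports into those the ACL permits from src and those it blocks."""
    exposed, filtered = [], []
    for host, ports in sorted(scan.items()):
        for port in sorted(ports):
            rule, action = first_match(src, host, port)
            target = exposed if action == "permit" else filtered
            target.append((host, port, rule))
    return exposed, filtered


if __name__ == "__main__":
    exposed, filtered = audit(SCAN)
    for host, port, rule in exposed:
        print(f"EXPOSED  {host}:{port} permitted from internet by rule {rule}")
    for host, port, rule in filtered:
        # Blocked at the border only; hosts inside the LAN never cross this ACL.
        print(f"FILTERED {host}:{port} blocked by rule {rule}")
```
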