Exam SY0-601 topic 1 question 214 discussion

Actual exam question from CompTIA's SY0-601
Question #: 214
Topic #: 1

An administrator is configuring a firewall rule set for a subnet to only access DHCP, web pages, and SFTP, and to specifically block FTP. Which of the following would BEST accomplish this goal?

  • A. [Permission Source Destination Port]
    Allow: Any Any 80
    Allow: Any Any 443
    Allow: Any Any 67
    Allow: Any Any 68
    Allow: Any Any 22
    Deny: Any Any 21
    Deny: Any Any
  • B. [Permission Source Destination Port]
    Allow: Any Any 80
    Allow: Any Any 443
    Allow: Any Any 67
    Allow: Any Any 68
    Deny: Any Any 22
    Allow: Any Any 21
    Deny: Any Any
  • C. [Permission Source Destination Port]
    Allow: Any Any 80
    Allow: Any Any 443
    Allow: Any Any 22
    Deny: Any Any 67
    Deny: Any Any 68
    Deny: Any Any 21
    Allow: Any Any
  • D. [Permission Source Destination Port]
    Allow: Any Any 80
    Allow: Any Any 443
    Deny: Any Any 67
    Allow: Any Any 68
    Allow: Any Any 22
    Allow: Any Any 21
    Allow: Any Any
Suggested Answer: A 🗳️

Comments

rodwave
Highly Voted 2 years, 7 months ago
Selected Answer: A
This is just a breakdown of the ports:
67 & 68 = DHCP (Dynamic Host Configuration Protocol): DHCP is a client/server protocol that automatically provides IP addresses to clients. UDP Port 67 is used by the DHCP server to dynamically assign IP addresses. UDP Port 68 is the DHCP client port which is used by clients to obtain an IP address from a DHCP server.
20 & 21 = FTP (File Transfer Protocol): FTP is used to communicate and transfer files between computers. TCP Port 20 is the "data port" where the actual data transfer occurs and Port 21 is the "control port" where the client makes the connection request and management.
22 = SSH (Secure Shell) & SFTP (Secure File Transfer Protocol): SSH is a protocol that enables two computers to communicate securely by encrypting the connection. SFTP is a secure file transfer protocol that uses SSH encryption to securely send and receive file transfers.
80 & 443 = HTTP / HTTPS: HTTP (80) is a default network port used to send and receive unencrypted web pages. HTTPS (443) is HTTP but uses TLS to encrypt normal HTTP requests/responses.
upvoted 30 times
AbdullahMohammad251
1 year, 1 month ago
We could have also blocked port 20, but blocking port 21 alone does the job!
upvoted 2 times
...
...
snofear
Highly Voted 2 years, 8 months ago
Selected Answer: A
A is correct, DHCP ports are 67,68, FTP:21, SFTP:22, and web pages are accessed through 443 and insecure http 80.
upvoted 26 times
...
AbdullahMohammad251
Most Recent 1 year, 1 month ago
Selected Answer: A
FTP uses 2 ports, 20 and 21 (21 for establishing a connection and 20 for data transfer). We blocked only port 21 (without a connection, no data can be exchanged). We also need to block the rest of the ports because the question explicitly stated that only 3 protocols are allowed, namely DHCP, FTP, and Web page protocols (this includes both HTTP and HTTPS).
upvoted 1 times
AbdullahMohammad251
1 year, 1 month ago
Based on the info above: Options C and D are eliminated as they contain an "Allow: any any" as a final entry. Option B is incorrect because it allowed FTP while blocking SFTP, which is the opposite of our desired outcome. "Allow: any any" as a final entry in a firewall rule would permit all traffic that is not explicitly blocked by preceding firewall rules.
upvoted 1 times
...
...
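The elimination argument in the comments above can be checked mechanically. The following is an added example, not part of the original thread: a small first-match evaluator run over the four answer options as transcribed from the question. The evaluator, the ports-only matching (the question's rules give no protocol) and the probe ports are assumptions made for illustration.

```python
# Added example: first-match evaluation of the four answer options.
# Rule sets are transcribed from the question; the evaluator and the
# probe ports are assumptions, not part of the exam material.
ANY = None  # wildcard port used by the final "Any Any" catch-all rule

OPTIONS = {
    "A": [("allow", 80), ("allow", 443), ("allow", 67), ("allow", 68),
          ("allow", 22), ("deny", 21), ("deny", ANY)],
    "B": [("allow", 80), ("allow", 443), ("allow", 67), ("allow", 68),
          ("deny", 22), ("allow", 21), ("deny", ANY)],
    "C": [("allow", 80), ("allow", 443), ("allow", 22), ("deny", 67),
          ("deny", 68), ("deny", 21), ("allow", ANY)],
    "D": [("allow", 80), ("allow", 443), ("deny", 67), ("allow", 68),
          ("allow", 22), ("allow", 21), ("allow", ANY)],
}

# Policy from the question: DHCP, web and SFTP allowed, FTP blocked.
# "Only" those services means every other port must be dropped as well.
REQUIRED = {67: "allow", 68: "allow", 80: "allow", 443: "allow",
            22: "allow", 21: "deny"}
PROBES = [23, 25, 3389]  # constructed sample of ports outside the policy


def decide(rules, port):
    """Return the action of the first rule that matches the port."""
    for action, rule_port in rules:
        if rule_port is ANY or rule_port == port:
            return action
    return "deny"  # assumed implicit deny when no rule matches


def violations(rules):
    """List (port, expected, actual) for every policy mismatch."""
    expected = {**REQUIRED, **{p: "deny" for p in PROBES}}
    return [(p, want, decide(rules, p))
            for p, want in sorted(expected.items())
            if decide(rules, p) != want]


def compliant_options():
    return [name for name, rules in OPTIONS.items() if not violations(rules)]


if __name__ == "__main__":
    for name, rules in OPTIONS.items():
        print(name, violations(rules) or "meets the policy")
```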
mikzer
1 year, 2 months ago
Selected Answer: A
Great info! Big help.
upvoted 1 times
...
6809276
1 year, 4 months ago
Selected Answer: A
Everything is allowed except FTP. Answer is A. FTP is port 21 and is DENY.
upvoted 1 times
...
Afel_Null
1 year, 8 months ago
Selected Answer: A
C and D don't have deny All as the last rule, so they're out. A and B differ only in what port they deny: 21 or 22. Even if you don't remember ports, it's easy to assume that Secure FTP would use a higher port than insecure, so A.
upvoted 1 times
...
Abbey2
1 year, 9 months ago
So, option A allows the desired services while blocking FTP, which aligns with the specified goal. My previous response was incorrect, and I appreciate your clarification. Option A is indeed the correct answer. (CHATGPT4)
upvoted 2 times
...
ApplebeesWaiter1122
1 year, 11 months ago
Selected Answer: A
A. [Permission Source Destination Port] Allow: Any Any 80 - Allow: Any Any 443 - Allow: Any Any 67 - Allow: Any Any 68 - Allow: Any Any 22 - Deny: Any Any 21 - This firewall rule set allows the subnet to access DHCP (ports 67 and 68), web pages (ports 80 and 443), and SFTP (port 22) while specifically blocking FTP (port 21).
upvoted 3 times
...
ronah
2 years ago
Selected Answer: B
Per ChatGPT: Let's break down the rule set: The first two rules allow any source to access destination ports 80 (HTTP) and 443 (HTTPS) for web pages. The third and fourth rules allow any source to access destination ports 67 and 68 for DHCP. The fifth rule specifically denies any source from accessing destination port 22 (SSH), which is used for SFTP. The sixth rule allows any source to access destination port 21 for FTP, which is explicitly allowed. The last rule denies any other traffic that does not match the preceding rules. By configuring the firewall rule set in this manner, access to DHCP, web pages, and SFTP is permitted, while FTP access is explicitly blocked.
upvoted 1 times
ronah
2 years ago
I think A... still the right answer
upvoted 1 times
...
...
Yawannawanka
2 years, 2 months ago
Selected Answer: B
The correct answer is B. Explanation: The firewall rule set needs to allow DHCP, web pages, and SFTP and specifically block FTP. Therefore, options A, C, and D can be eliminated based on the following reasons: Option A: It allows access to port 21 which is FTP, and the question requires it to be blocked. It also has an unnecessary deny rule at the end. Option C: It blocks ports 67 and 68 which are used for DHCP, and the question requires them to be allowed. It has an unnecessary allow rule at the end. Option D: It allows FTP which is required to be blocked. Option B: It allows DHCP, web pages, and SFTP by allowing access to ports 67, 68, 80, 443, and 22 respectively. It specifically blocks FTP by denying access to port 21. It also has an unnecessary deny rule at the end, but it does not impact the functionality of the rule set.
upvoted 1 times
...
fouserd
2 years, 2 months ago
Originally I picked C) The firewall rule set that would best accomplish this goal is: [Permission Source Destination Port] Allow: Any Any 80 - Allow: Any Any 443 - Allow: Any Any 22 - Deny: Any Any 67 - Deny: Any Any 68 - Deny: Any Any 21 - This rule set allows access to DHCP, web pages, and SFTP while specifically blocking FTP.
upvoted 1 times
...
ronniehaang
2 years, 5 months ago
Selected Answer: A
A. [Permission Source Destination Port] Allow: Any Any 80 - Allow: Any Any 443 - Allow: Any Any 67 - Allow: Any Any 68 - Allow: Any Any 22 - Deny: Any Any 21 - Deny: Any Any This firewall rule set would accomplish the goal of only allowing access to DHCP, web pages, and SFTP, and specifically blocking FTP. The firewall would allow access to ports 80 and 443, which are the standard ports for web pages. Port 67 and 68 are the standard ports for DHCP. Port 22 is the standard port for SFTP. FTP uses port 21, which is blocked in the rule set. The final rule, "Deny: Any Any" would block all other traffic that does not match the allowed ports.
upvoted 2 times
...
FMMIR
2 years, 6 months ago
Selected Answer: A
A is the answer
upvoted 2 times
...
Gino_Slim
2 years, 8 months ago
You need to know your ports this time around. They are testing your knowledge on that. Look up common ports and try to hold those to memory. That will help you with a few questions on the exam.
upvoted 4 times
...
comeragh
2 years, 8 months ago
Selected Answer: A
Agree with A being correct here. Initially narrowed it down to A and C and narrowed down further to A being correct answer as C was blocking port 67/68 (DHCP).
upvoted 3 times
...
Ha9ate
2 years, 8 months ago
Selected Answer: A
allow: http = 80, https = 443, DHCP client = 68, DHCP server = 67, SFTP = 22
deny: FTP = 21
upvoted 6 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other