ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam N10-008 All Questions

View all questions & answers for the N10-008 exam
Go to Exam

Exam N10-008 topic 1 question 236 discussion

Actual exam question from CompTIA's N10-008
Question #: 236
Topic #: 1
[All N10-008 Questions]

Logs show an unauthorized IP address entering a secure part of the network every night at 8:00 p.m. The network administrator is concerned that this IP address will cause an issue to a critical server and would like to deny the IP address at the edge of the network. Which of the following solutions would address these concerns?

  • A. Changing the VLAN of the web server
  • B. Changing the server's IP address
  • C. Implementing an ACL
  • D. Installing a rule on the firewall connected to the web server
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by JAMBER at Nov. 16, 2022, 7:42 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
MitchF
Highly Voted 1 year, 5 months ago
GPT picks (C) Implementing an ACL (Access Control List) "An ACL is a security mechanism used to control and filter traffic based on rules or policies. By implementing an ACL at the edge of the network, you can explicitly deny traffic from the unauthorized IP address. This would prevent the unauthorized access to the secure part of the network and protect the critical server.
upvoted 5 times
MitchF
1 year, 5 months ago
GPT continues: "The other options have different purposes: (A) Changing the VLAN of the web server: Changing the VLAN of the web server wouldn't necessarily prevent the unauthorized access by a specific IP address. VLANs are used to segment network traffic, but they don't directly control access based on specific IP addresses. (B) Changing the server's IP address: Changing the server's IP address might temporarily mitigate the issue, but it's not a scalable solution, and the unauthorized IP address could still attempt to access the server using its new IP address. (D) Installing a rule on the firewall connected to the web server: This option is close to implementing an ACL. Installing a rule on the firewall to deny traffic from the unauthorized IP address is a valid approach to prevent access to the critical server. However, since option (C) specifically mentions "Implementing an ACL," which is a common method for controlling access based on IP addresses, it is the most direct and relevant solution for the scenario described."
upvoted 3 times
MitchF
1 year, 5 months ago
"Famco" below is right! The question mentions "at the edge of the network" and not at the level of server, so the answer MUST only be (C)!
upvoted 1 times
...
...
...
xihjr
Most Recent 11 months, 1 week ago
in context of the question, 1 would assume there's a webserver that sits between an edge router and a firewall. the ip had access to a secured part of the network meaning it went passed the edge router and the firewall that isolates the screened subnet from the private network. if this was the case, the edge of the network would be the edge router and not the firewall
upvoted 1 times
...
vinbra
1 year ago
SECURE PART OF THE NETWORK. This means it CAN NOT be D because a web server is not in a SECURE PART OF THE NETWORK, it will be in a DMZ which is not secure
upvoted 3 times
...
Dogster
1 year, 9 months ago
Selected Answer: C
1. its a stupid question, you have to asume one thing but not the other thing :/ i'm confused. but that is often with these questions. 2. the firewall may be the border device it might not be, but an ACL always will do the JOB. it isn;t stated that the firewall is also connected to that "critical server", which server ?? see point 3 3. in the question it is mentioned that: it might cause an issue to an critical server.... it is not said he is concerned about the webserver. leaving only C because a new rule on (some)firewall connected to the webserver might not protect that critical server.
upvoted 4 times
...
Quepis
1 year, 10 months ago
ChatGPT says, "The most effective action to address these concerns is to block the unauthorized IP address at the network edge using a firewall. The firewall can be configured to deny traffic originating from the specific IP address at the designated time of 8:00 p.m. By doing so, the unauthorized user will be prevented from accessing the secure part of the network and potentially causing an issue to the critical server."
upvoted 1 times
...
famco
1 year, 10 months ago
The answer is C. The reason being they ask "at the edge of the network" and not at the level of webserver. But in practice it is good to have it at the webserver level also for a zero trust architecture
upvoted 4 times
famco
1 year, 10 months ago
I mean for defence in depth it is better to have at both levels. It is also about zero trust that not everything in the perimeter is trusted
upvoted 1 times
...
...
1stAid
1 year, 10 months ago
Selected Answer: C
C. I would want to apply an ACL rule to the network and not just apply a rule on the web server. I would go with C
upvoted 2 times
...
1Abel1
1 year, 10 months ago
Selected Answer: D
Do not forget that there is already an implemented ACL at the edge of the network because without an ACL implemented the server will be porous. Despite this fact, the IP address was still able to bypass it into the network. Because of this reason, the administrator should Install a rule on the firewall that will deny that particular "IP address" from the network. So D is the correct answer.
upvoted 1 times
1stAid
1 year, 10 months ago
Applying a deny ACL to the whole network makes more sense than just applying a firewall rule on just the WEB Server
upvoted 2 times
jeanj
1 year, 2 months ago
yes but its not asking for all that
upvoted 1 times
...
...
...
StellarSteve
1 year, 10 months ago
Selected Answer: D
Option D, installing a rule on the firewall connected to the web server, would address the concerns of the network administrator. A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. By installing a rule on the firewall connected to the web server, the network administrator can deny the unauthorized IP address at the edge of the network, preventing it from accessing the critical server.
upvoted 1 times
...
max319
1 year, 11 months ago
Selected Answer: C
To deny it on the EDGE of the network you would use an ACL on the edge router or firewall on the edge of the network. A firewall on the web server still allows entry into the network it just blocks off the web server.
upvoted 4 times
...
JakeCharles
2 years, 1 month ago
Selected Answer: D
D. Installing a rule on the firewall connected to the web server would be the most effective solution to prevent the unauthorized IP address from accessing the secure part of the network. A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. By installing a rule that specifically denies traffic from the unauthorized IP address, the network administrator can ensure that the IP address is not able to access the secure part of the network. This is a more effective solution than changing the VLAN of the web server, changing the server's IP address, or implementing an ACL, because these measures would not directly address the issue of the unauthorized IP address accessing the network.
upvoted 2 times
...
JAMBER
2 years, 3 months ago
I chose "C" the correct answer, due to process of elimination. However, the questions adds that "the IP address is unauthorized" that leads one to think there is already an ACL, and that the unauthorized IP is getting access through other means. Why would you need to create an ACL?
upvoted 4 times
JakeCharles
2 years, 1 month ago
C is a wrong answer. While implementing an ACL (access control list) could potentially help to prevent the unauthorized IP address from accessing the secure part of the network, it would not be the most effective solution in this scenario. An ACL is a list of permissions that is used to allow or deny traffic based on the source and destination IP addresses, port numbers, and protocol types. While an ACL could be used to deny traffic from the unauthorized IP address, it would not be as effective as installing a rule on the firewall specifically designed to block the IP address. This is because an ACL is typically applied to a specific device, such as a router or switch, rather than the entire network. As a result, the unauthorized IP address could potentially access the secure part of the network through other devices that do not have the ACL applied.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel