Exam SY0-601 topic 1 question 365 discussion

The best configuration to fulfil this requirement is B. ACL (Access Control List). An Access Control List can be used to restrict access to external service providers based on their IP addresses, enabling a secure method of publishing the internal website to the internet.

I miss stoneface

Disagree. If u keeping your web app internal, then use a NAC for level 4 control. But to expose the website to the public internet needs L7 protection which means a WAF.

B. ACL (Access Control List) Explanation: Access Control List (ACL): An ACL is a set of rules that controls incoming and outgoing traffic to a network resource based on IP addresses, ports, or protocols. By using ACLs, you can specify which external IP addresses are allowed to access the internal website, effectively limiting access to only the specified service providers. Why Not the Others? WAF (Web Application Firewall): A WAF helps protect web applications by filtering and monitoring HTTP traffic between a web application and the internet. While it provides security against a variety of attacks (e.g., SQL injection, cross-site scripting), it does not inherently control access based on the source of the traffic. It complements an ACL but does not replace it for access control purposes.

The BEST configuration to fulfill the requirement of publishing an internal website to the internet, reachable by a limited number of specific, external service providers in a secure manner, would be: C. WAF (Web Application Firewall). A WAF is specifically designed to protect web applications from a variety of attacks, including SQL injection, cross-site scripting (XSS), and other common web-based threats. By deploying a WAF in front of the internal website, the marketing department can enforce access controls, inspect and filter incoming web traffic, and apply security policies to ensure that only authorized external service providers can access the website. While ACLs (Access Control Lists) could be used to restrict access to specific IP addresses or ranges, they typically operate at a lower level of the network stack and may not provide the same level of application-layer protection as a WAF.

WAF (Web Application Firewall)

I had to go with WAF on this one. WAF is a firewall, and has ACL built into it. The only problem I have with this question is it asks for "configurations", not device, so maybe I'm wrong here. ACL is a configuration, WAF is a device. UGH!!!

The question asks for the “BEST” configuration not best technology. Whilst ACL is a capability of a WAF it is also the best configuration.

I initially accepted that this was ACL, but after going through all 800+ questions, studying comptia content, and coming back to this one, it's definitely WAF.

A VPN (virtual private network) is a secure tunnel used to encrypt traffic and prevent unauthorized access to the internal network. It is a secure way to extend a private network across public networks, such as the Internet, and can be used to allow remote users to securely access resources on the internal network. Additionally, a VPN can be used to prevent malicious traffic from entering the internal network.

WAF is the correct answer

ACL is the most logical answer here's why. NAC will be good if the vendors are physically connecting to the network. WAF only protects against web application attacks.

WAF will inspect traffic. ACL and NAT will allow the traffic. WAF is the higher security protocol as it looks at layer 7.

Considering practicality and efficiency, it's WAF. ACL using IP doesn't make sense if they use DHCP. Don't use NAC (+ VPN) coz it's not mentioning VPN.

"reachable by a limited number of specific". normally WAF but in this case protection by allowing some IP only thus ACL ..

C. WAF A WAF can be deployed in front of an internal website to filter and block malicious requests from the internet, while allowing authorized access from specific external service providers. A WAF can also provide encryption, authentication, and logging features to enhance the security of the web application.

ACL can be configured to allow only relevant IPs.