SY0-701 Exam Dumps | An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound

Home
CompTIA
CompTIA Security+ Certification Exam
CompTIA.SY0-701.v2024-02-16.q40
Question 37

Valid SY0-701 Dumps shared by ExamDiscuss.com for Helping Passing SY0-701 Exam! ExamDiscuss.com now offer the newest SY0-701 exam dumps, the ExamDiscuss.com SY0-701 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com SY0-701 dumps with Test Engine here:

Access SY0-701 Dumps Premium Version
(645 Q&As Dumps, 35%OFF Special Discount Code: freecram)

<< Prev Question Next Question >>

Question 37/40

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53

B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53

D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

Correct Answer: D

Explanation
A firewall ACL (access control list) is a set of rules that determines which traffic is allowed or denied by the firewall. The rules are processed in order, from top to bottom, until a match is found. The syntax of a firewall ACL rule is:
Access list <direction> <action> <source address> <destination address> <protocol> <port> To limit outbound DNS traffic originating from the internal network, the firewall ACL should allow only the device with the IP address 10.50.10.25 to send DNS requests to any destination on port 53, and deny all other outbound traffic on port 53. The correct firewall ACL is:
Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53 Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53 The first rule permits outbound traffic from the source address 10.50.10.25/32 (a single host) to any destination address (0.0.0.0/0) on port 53 (DNS). The second rule denies all other outbound traffic on port 532.
References: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 4, page 175.

Your email address will not be published. Required fields are marked *

Comment: *

Name: *

Email: *

Rating: *

Verification: *

Question List (40q): Question 1: Which of the following is the most likely to be included as ...; Question 2: Which of the following vulnerabilities is associated with in...; Question 3: Which of the following can be used to identify potential att...; Question 4: An organization's internet-facing website was compromised wh...; Question 5: An organization is leveraging a VPN between its headquarters...; Question 6: During an investigation, an incident response team attempts ...; Question 7: A network manager wants to protect the company's VPN by impl...; Question 8: A client asked a security company to provide a document outl...; Question 9: A security analyst and the management team are reviewing the...; Question 10: The management team notices that new accounts that are set u...; Question 11: Which of the following vulnerabilities is exploited when an ...; Question 12: An administrator finds that all user workstations and server...; Question 13: A technician wants to improve the situational and environmen...; Question 14: After a company was compromised, customers initiated a lawsu...; Question 15: A company's legal department drafted sensitive documents in ...; Question 16: A company is planning to set up a SIEM system and assign an ...; Question 17: A newly appointed board member with cybersecurity knowledge ...; Question 18: A security practitioner completes a vulnerability assessment...; Question 19: Which of the following is the most likely to be used to docu...; Question 20: An enterprise is trying to limit outbound DNS traffic origin...; Question 21: Which of the following would be the best way to block unknow...; Question 22: An administrator notices that several users are logging in f...; Question 23: A data administrator is configuring authentication for a Saa...; Question 24: A U.S.-based cloud-hosting provider wants to expand its data...; Question 25: Several employees received a fraudulent text message from so...; Question 26: A systems administrator works for a local hospital and needs...; Question 27: A company hired a consultant to perform an offensive securit...; Question 28: A systems administrator is looking for a low-cost applicatio...; Question 29: A penetration tester begins an engagement by performing port...; Question 30: During a security incident, the security operations team ide...; Question 31: A company's web filter is configured to scan the URL for str...; Question 32: A company purchased cyber insurance to address items listed ...; Question 33: Which of the following automation use cases would best enhan...; Question 34: A software development manager wants to ensure the authentic...; Question 35: An employee receives a text message that appears to have bee...; Question 36: An attacker posing as the Chief Executive Officer calls an e...; Question 37: An enterprise is trying to limit outbound DNS traffic origin...; Question 38: An employee clicked a link in an email from a payment websit...; Question 39: Which of the following enables the use of an input field to ...; Question 40: While troubleshooting a firewall configuration, a technician...

[×]

Download PDF File

Enter your email address to download CompTIA.SY0-701.v2024-02-16.q40.pdf

Email:

Disclaimer:
Freecram doesn't offer Real GIAC Exam Questions. Freecram doesn't offer Real SAP Exam Questions. Freecram doesn't offer Real (ISC)² Exam Questions. Freecram doesn't offer Real CompTIA Exam Questions. Freecram doesn't offer Real Microsoft Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates.
Freecram material do not contain actual actual Oracle Exam Questions or material.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation.
Freecram Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc.
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Freecram does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Freecram does not own or claim any ownership on any of the brands.

Question 37/40

LEAVE A REPLY

Download PDF File