SY0-701 Exam Dumps | An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound

Home
CompTIA
CompTIA Security+ Certification Exam
CompTIA.SY0-701.v2024-12-09.q133
Question 111

Valid SY0-701 Dumps shared by ExamDiscuss.com for Helping Passing SY0-701 Exam! ExamDiscuss.com now offer the newest SY0-701 exam dumps, the ExamDiscuss.com SY0-701 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com SY0-701 dumps with Test Engine here:

Access SY0-701 Dumps Premium Version
(645 Q&As Dumps, 35%OFF Special Discount Code: freecram)

<< Prev Question Next Question >>

Question 111/133

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53

B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53

D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53

Correct Answer: D

A firewall ACL (access control list) is a set of rules that determines which traffic is allowed or denied by the firewall. The rules are processed in order, from top to bottom, until a match is found. The syntax of a firewall ACL rule is:
Access list <direction> <action> <source address> <destination address> <protocol> <port> To limit outbound DNS traffic originating from the internal network, the firewall ACL should allow only the device with the IP address 10.50.10.25 to send DNS requests to any destination on port 53, and deny all other outbound traffic on port 53. The correct firewall ACL is:
Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53 Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53 The first rule permits outbound traffic from the source address 10.50.10.25/32 (a single host) to any destination address (0.0.0.0/0) on port 53 (DNS). The second rule denies all other outbound traffic on port 532.
References: CompTIA Security+ Certification Kit: Exam SY0-701, 7th Edition, Chapter 4, page 175.

Your email address will not be published. Required fields are marked *

Comment: *

Name: *

Email: *

Rating: *

Verification: *

Question List (133q): Question 1: A bank insists all of its vendors must prevent data loss on ...; Question 2: Which of the following best describe a penetration test that...; Question 3: A company is concerned about weather events causing damage t...; Question 4: An organization disabled unneeded services and placed a fire...; Question 5: An employee in the accounting department receives an email c...; Question 6: The CIRT is reviewing an incident that involved a human reso...; Question 7: Which of the following is used to quantitatively measure the...; Question 8: A company most likely is developing a critical system for th...; Question 9: A security team is reviewing the findings in a report that w...; Question 10: While considering the organization's cloud-adoption strategy...; Question 11: During an investigation, an incident response team attempts ...; Question 12: A security engineer is implementing FDE for all laptops in a...; Question 13: Which of the following is the most effective way to protect ...; Question 14: A systems administrator is changing the password policy with...; Question 15: Which of the following is the most likely to be included as ...; Question 16: A company wants to verify that the software the company is d...; Question 17: Which of the following are cases in which an engineer should...; Question 18: A security analyst finds a rogue device during a monthly aud...; Question 19: Which of the following allows for the attribution of message...; Question 20: Which of the following should a security administrator adher...; Question 21: Which of the following risk management strategies should an ...; Question 22: An administrator notices that several users are logging in f...; Question 23: Sine a recent upgrade (o a WLAN infrastructure, several mobi...; Question 24: A systems administrate wants to implement a backup solution....; Question 25: A security analyst is reviewing alerts in the SIEM related t...; Question 26: An administrator is Investigating an incident and discovers ...; Question 27: A company is planning to set up a SIEM system and assign an ...; Question 28: Which of the following is the phase in the incident response...; Question 29: A growing company would like to enhance the ability of its s...; Question 30: Which of the following data roles is responsible for identif...; Question 31: A financial institution would like to store its customer dat...; Question 32: Which of the following exercises should an organization use ...; Question 33: A website user is locked out of an account after clicking an...; Question 34: A security analyst reviews domain activity logs and notices ...; Question 35: A company hired a consultant to perform an offensive securit...; Question 36: The Chief Information Security Officer of an organization ne...; Question 37: An administrator was notified that a user logged in remotely...; Question 38: Which of the following scenarios describes a possible busine...; Question 39: Which of the following actions could a security engineer tak...; Question 40: Employees in the research and development business unit rece...; Question 41: Which of the following security concepts is accomplished wit...; Question 42: Which of the following environments utilizes a subset of cus...; Question 43: After an audit, an administrator discovers all users have ac...; Question 44: A company implemented an MDM policy 10 mitigate risks after ...; Question 45: Which of the following should a systems administrator use to...; Question 46: Two companies are in the process of merging. The companies n...; Question 47: A systems administrator wants to prevent users from being ab...; Question 48: The marketing department set up its own project management s...; Question 49: A user is attempting to patch a critical system, but the pat...; Question 50: A security operations center determines that the malicious a...; Question 51: An organization's internet-facing website was compromised wh...; Question 52: You are security administrator investigating a potential inf...; Question 53: A small business uses kiosks on the sales floor to display p...; Question 54: Which of the following would be best suited for constantly c...; Question 55: A security analyst locates a potentially malicious video fil...; Question 56: A company's end users are reporting that they are unable to ...; Question 57: An organization has too many variations of a single operatin...; Question 58: Security controls in a data center are being reviewed to ens...; Question 59: A company is planning a disaster recovery site and needs to ...; Question 60: An employee recently resigned from a company. The employee w...; Question 61: Which of the following must be considered when designing a h...; Question 62: Which of the following can a security director use to priori...; Question 63: A company is currently utilizing usernames and passwords, an...; Question 64: Which of the following most impacts an administrator's abili...; Question 65: A security administrator is deploying a DLP solution to prev...; Question 66: An organization implemented cloud-managed IP cameras to moni...; Question 67: A security consultant needs secure, remote access to a clien...; Question 68: Which of the following must be considered when designing a h...; Question 69: Which of the following is a primary security concern for a c...; Question 70: An organization would like to store customer data on a separ...; Question 71: An enterprise has been experiencing attacks focused on explo...; Question 72: A security engineer is working to address the growing risks ...; Question 73: Which of the following is a reason why a forensic specialist...; Question 74: A hacker gained access to a system via a phishing attempt th...; Question 75: After a security awareness training session, a user called t...; Question 76: Which of the following agreement types defines the time fram...; Question 77: An administrator finds that all user workstations and server...; Question 78: A newly appointed board member with cybersecurity knowledge ...; Question 79: Which of the following teams combines both offensive and def...; Question 80: Which of the following security concepts is being followed w...; Question 81: An organization maintains intellectual property that it want...; Question 82: An administrator is reviewing a single server's security log...; Question 83: Which of the following is a hardware-specific vulnerability?...; Question 84: A business received a small grant to migrate its infrastruct...; Question 85: Which of the following tools can assist with detecting an em...; Question 86: To improve the security at a data center, a security adminis...; Question 87: Which of the following can best protect against an employee ...; Question 88: After a recent ransomware attack on a company's system, an a...; Question 89: Which of the following is the best way to consistently deter...; Question 90: A company is expanding its threat surface program and allowi...; Question 91: An organization is leveraging a VPN between its headquarters...; Question 92: While troubleshooting a firewall configuration, a technician...; Question 93: A security manager is implementing MFA and patch management....; Question 94: A client demands at least 99.99% uptime from a service provi...; Question 95: An engineer moved to another team and is unable to access th...; Question 96: Which of the following factors are the most important to add...; Question 97: An IT security team is concerned about the confidentiality o...; Question 98: A security analyst receives alerts about an internal system ...; Question 99: Which of the following is a common source of unintentional c...; Question 100: Which of the following is used to validate a certificate whe...; Question 101: Which of the following tasks is typically included in the BI...; Question 102: A company requires hard drives to be securely wiped before s...; Question 103: The marketing department set up its own project management s...; Question 104: A newly identified network access vulnerability has been fou...; Question 105: Which of the following is the most common data loss path for...; Question 106: An organization wants to ensure the integrity of compiled bi...; Question 107: Security controls in a data center are being reviewed to ens...; Question 108: The local administrator account for a company's VPN applianc...; Question 109: department is not using the company VPN when accessing vario...; Question 110: A cybersecurity incident response team at a large company re...; Question 111: An enterprise is trying to limit outbound DNS traffic origin...; Question 112: An employee receives a text message from an unknown number c...; Question 113: Several employees received a fraudulent text message from so...; Question 114: A Chief Information Security Officer wants to monitor the co...; Question 115: After a company was compromised, customers initiated a lawsu...; Question 116: A company purchased cyber insurance to address items listed ...; Question 117: A spoofed identity was detected for a digital certificate. W...; Question 118: A technician is opening ports on a firewall for a new system...; Question 119: A company that is located in an area prone to hurricanes is ...; Question 120: Users at a company are reporting they are unable to access t...; Question 121: A company would like to provide employees with computers tha...; Question 122: During a security incident, the security operations team ide...; Question 123: After conducting a vulnerability scan, a systems administrat...; Question 124: A network manager wants to protect the company's VPN by impl...; Question 125: The application development teams have been asked to answer ...; Question 126: A security analyst is investigating an application server an...; Question 127: A vendor needs to remotely and securely transfer files from ...; Question 128: Which of the following roles, according to the shared respon...; Question 129: An IT manager informs the entire help desk staff that only t...; Question 130: An employee fell for a phishing scam, which allowed an attac...; Question 131: An organization is required to maintain financial data recor...; Question 132: A security administrator identifies an application that is s...; Question 133: Which of the following would most likely mitigate the impact...

[×]

Download PDF File

Enter your email address to download CompTIA.SY0-701.v2024-12-09.q133.pdf

Email:

Disclaimer:
Freecram doesn't offer Real GIAC Exam Questions. Freecram doesn't offer Real SAP Exam Questions. Freecram doesn't offer Real (ISC)² Exam Questions. Freecram doesn't offer Real CompTIA Exam Questions. Freecram doesn't offer Real Microsoft Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates.
Freecram material do not contain actual actual Oracle Exam Questions or material.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation.
Freecram Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc.
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Freecram does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Freecram does not own or claim any ownership on any of the brands.

Question 111/133

LEAVE A REPLY

Download PDF File