Question 4 of 270 from exam CAS-003: CompTIA CASP+

Question

DRAG DROP - A security administrator must configure the database server shown below to comply with the four requirements listed.

Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement.

Answer options may be used once or not at all.

DB Server

NIC1 192.168.1.20/24
NIC2 10.0.10.20/24
NIC3 172.16.0.20/24

Select and Place:

1) The DB server can only be managed from NIC3 via RDP from the sysadmin 10.100.2.0/24 network

2) The web server in the 10.10.10.0/25 network should connect to the DB via NIC1

3) The backup server at 172.30.10.3 should perform DB backups by connecting via the 192.168.1.0/24 network

4) The DB server should not initiate outbound connections on NIC2

Answer options:

Permit TCP from 172.16.0.20/32 to 10.10.10.0/25 port 1433

Permit TCP from 10.100.2.0/24 to 172.16.0.20/32 port 3389

Permit UDP from 192.168.1.20 to 172.30.10.3

Deny TCP from 10.0.10.20/24 to ANY

Permit IP from 172.30.10.3 to 10.100.2.0

Permit TCP from 10.10.10.0/25 to 192.168.1.20/28 port 1433

Permit TCP from 10.100.2.0/24 to 172.16.0.20/24 port 1433

Permit IP from 172.30.10.3 to 192.168.1.20

Deny IP from 10.0.10.20 to ANY

Explanations

1) The DB server can only be managed from NIC3 via RDP from the sysadmin 10.100.2.0/24 network
Answer: Permit TCP from 10.100.2.0/24 to 172.16.0.20/32 port 3389

2) The web server in the 10.10.10.0/25 network should connect to the DB via NIC1
Answer: Permit TCP from 10.10.10.0/25 to 192.168.1.20/24 port 1433

3) The backup server at 172.30.10.3 should perform DB backups by connecting via the 192.168.1.0/24 network
Answer: Permit IP from 172.30.10.3 to 192.168.1.20

4) The DB server should not initiate outbound connections on NIC2
Answer: Deny IP from 10.0.10.20 to ANY

Unused options:

Permit TCP from 172.16.0.20/32 to 10.10.10.0/25 port 1433

Permit UDP from 192.168.1.20 to 172.30.10.3

Deny TCP from 10.0.10.20/24 to ANY

Permit IP from 172.30.10.3 to 10.100.2.0

Permit TCP from 10.100.2.0/24 to 172.16.0.20/24 port 1433