Question 571 of 730 from exam SY0-601: CompTIA Security+


Question

SIMULATION - A company recently added a DR site and is redesigning the network.

Users at the DR site are having issues browsing websites.

INSTRUCTIONS - Click on each firewall to do the following:

1. Deny cleartext web traffic.
2. Ensure secure management protocols are used.
3. Resolve issues at the DR site.

The ruleset order cannot be modified due to outside constraints.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Network Diagram (image not reproduced): Internet; Datacenter Router; Firewall 1 (10.0.0.254/24) with Web Server (10.0.0.1/24); Firewall 2, Email Server (10.0.1.1/24); DR Router; Firewall 3 (192.168.0.254/24) with Web Server (192.168.0.1/24).
Firewall 1, Firewall 2, Firewall 3 (interactive rule tables, not reproduced): each firewall lists its rules by Rule Name (DNS Rule, HTTPS Outbound and HTTPS Inbound are legible), with address drop-downs, Destination among them, offering ANY, 10.0.0.1/24, 10.0.1.1/24 or 192.168.0.1/24, and an action drop-down offering PERMIT or DENY.

See explanation below.

Firewall 1:
DNS Rule - ANY --> ANY --> DNS --> PERMIT
HTTPS Outbound - 10.0.0.1/24 --> ANY --> HTTPS --> PERMIT
Management - ANY --> ANY --> SSH --> PERMIT
HTTPS Inbound - ANY --> ANY --> HTTPS --> PERMIT
HTTP Inbound - ANY --> ANY --> HTTP --> DENY

Firewall 2:
No changes should be made to this firewall.

Firewall 3:
DNS Rule - ANY --> ANY --> DNS --> PERMIT
HTTPS Outbound - 192.168.0.1/24 --> ANY --> HTTPS --> PERMIT
Management - ANY --> ANY --> SSH --> PERMIT
HTTPS Inbound - ANY --> ANY --> HTTPS --> PERMIT
HTTP Inbound - ANY --> ANY --> HTTP --> DENY
