210-255 · Question #36
Refer to the Exhibit. A customer reports that they cannot access your organization's website. Which option is a possible reason that the customer cannot access the website?
The correct answer is D. Web traffic sent from 10.67.10.5 has been identified as malicious by Internet sensors.. When internet-facing threat intelligence sensors flag a server's traffic as malicious, that IP can be blocklisted by ISPs and security infrastructure, preventing external customers from reaching the website.
Question
Refer to the Exhibit. A customer reports that they cannot access your organization's website. Which option is a possible reason that the customer cannot access the website?
Exhibit
Options
- AThe server at 10.33.1.5 is using up too much bandwidth causing a denial- of-service.
- BThe server at 10.67.10.5 has a virus.
- CA vulnerability scanner has shown that 10.67.10.5 has been compromised.
- DWeb traffic sent from 10.67.10.5 has been identified as malicious by Internet sensors.
How the community answered
(24 responses)- A13% (3)
- B8% (2)
- C4% (1)
- D75% (18)
Why each option
When internet-facing threat intelligence sensors flag a server's traffic as malicious, that IP can be blocklisted by ISPs and security infrastructure, preventing external customers from reaching the website.
Excessive bandwidth consumption by an internal server would degrade or slow access for all users but would not produce a clean external block; this describes resource exhaustion rather than an access control action.
A virus on the server is an internal security finding and does not by itself cause external customers to be blocked from connecting to the website.
A vulnerability scanner result indicating compromise is an internal assessment output and does not directly result in external parties blocking customer access to the site.
Internet sensors operated by threat intelligence services such as Cisco Talos can identify and report outbound traffic from an IP as malicious. Once flagged, that IP address may be added to reputation blocklists consumed by upstream ISPs, firewalls, and DNS resolvers, causing customer connections to the website to be silently dropped or refused. This external reputation-based blocking is a direct and realistic cause for customers being unable to access the organization's site even when the server itself is technically online.
Concept tested: Threat intelligence blacklisting impact on external website accessibility
Source: https://www.cisco.com/c/en/us/products/security/talos-intelligence-group/index.html
Topics
Community Discussion
No community discussion yet for this question.
