GIAC
GSLC · Question #197
GSLC Question #197: Real Exam Question with Answer & Explanation
The correct answers are B. portsentry and E. Fail2Ban. IP blocking tools automatically detect malicious network activity and deny traffic from offending IP addresses using firewall rules or host access controls.
Question
IP blocking is a technique that prevents the connection between a server/website and certain IP addresses or ranges of addresses. Which of the following tools use this technique? Each correct answer represents a complete solution. Choose all that apply.
Options
- A. SSHGuard
- B. portsentry
- C. OpenSSL
- D. nmap
- E. Fail2Ban
Explanation
IP blocking tools automatically detect malicious network activity and deny traffic from offending IP addresses using firewall rules or host access controls.
Common mistakes.
- A. SSHGuard monitors logs for brute-force attempts against SSH and a narrow set of other services, and while it can invoke firewall actions, it is scoped to specific services rather than functioning as a general-purpose IP blocking framework.
- C. OpenSSL is a cryptographic toolkit that implements SSL/TLS and manages certificates; it has no capability to monitor network traffic or block IP addresses.
- D. Nmap is a network discovery and port scanning tool used to probe hosts and enumerate services; it contains no mechanism to block or deny IP addresses.
Concept tested. IP blocking tools - portsentry and Fail2Ban identification
Reference. https://www.fail2ban.org/wiki/index.php/Main_Page