CompTIA

N10-005 Question #479: Real Exam Question with Answer & Explanation

The correct answer is B: Deny any source network 1.1.1.0/24 to destination any on port 23.

Question

Which of the following firewall rules will block destination telnet traffic to any host with the source IP address 1.1.1.2/24?

Options

  • A. Deny any source host on source port 23 to destination any
  • B. Deny any source network 1.1.1.0/24 to destination any on port 23
  • C. Deny source host 1.1.12 on source port 23 to destination any
  • D. Deny any source network 1.1.1.0/24 with source port 23 to destination any

Explanation

Telnet uses destination TCP port 23. The source address 1.1.1.2/24 implies the /24 network 1.1.1.0/24. The correct rule must block traffic originating from the 1.1.1.0/24 network going to any destination on port 23 (destination port). Option B does exactly this. Options A and D incorrectly reference source port 23 - Telnet clients use a random ephemeral source port and connect TO destination port 23, so filtering on source port 23 would be wrong and ineffective. Option C references a single host with a typo (1.1.12) rather than a network, making it both incorrect in scope and malformed.
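
The source-port versus destination-port distinction above can be checked by evaluating each option against sample packets. This is an added example, not part of the original question: the rule model, the function names and the sample packets (documentation-range server address, ephemeral ports) are constructed for illustration, and a rule whose address does not parse is assumed never to match.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


# The four answer options as (source, source port, destination port).
# None means "any"; the destination address is "any" in every option.
OPTIONS = {
    "A": (None, 23, None),
    "B": ("1.1.1.0/24", None, 23),
    "C": ("1.1.12", 23, None),  # malformed address, kept as written in the option
    "D": ("1.1.1.0/24", 23, None),
}


def denies(option: str, pkt: Packet) -> bool:
    """Return True if the deny rule for this option matches the packet."""
    src, sport, dport = OPTIONS[option]
    if src is not None:
        try:
            net = ipaddress.ip_network(src)
        except ValueError:
            return False  # assumption of this model: an unparsable rule never matches
        if ipaddress.ip_address(pkt.src) not in net:
            return False
    if sport is not None and pkt.sport != sport:
        return False
    if dport is not None and pkt.dport != dport:
        return False
    return True


def verdicts(pkt: Packet) -> dict:
    """Evaluate all four options against one packet."""
    return {opt: denies(opt, pkt) for opt in OPTIONS}


# Constructed sample packets.
TELNET_OUT = Packet("1.1.1.2", 49152, "203.0.113.10", 23)    # client -> server
TELNET_REPLY = Packet("203.0.113.10", 23, "1.1.1.2", 49152)  # server -> client
HTTPS_OUT = Packet("1.1.1.2", 49153, "203.0.113.10", 443)    # same host, not Telnet

if __name__ == "__main__":
    for name, pkt in (("telnet out", TELNET_OUT), ("telnet reply", TELNET_REPLY),
                      ("https out", HTTPS_OUT)):
        print(f"{name:13s} {verdicts(pkt)}")
```

Only option B denies the outbound Telnet packet. Option A matches the server's reply instead, because that is the only packet in the exchange whose source port is 23.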
