CompTIA

N10-005 · Question #941

The correct answer is B: Deny 192.168.5.0/28 → 192.168.5.16/28.

Question

A user reports that they are unable to access a new server but are able to access all other network resources. Based on the following firewall rules and network information, which of the following ACL entries is the cause?

User's IP: 192.168.5.14

Server IP: 192.168.5.17

Firewall rules:

  • Permit 192.168.5.16/28 → 192.168.5.0/28
  • Permit 192.168.5.0/24 → 192.168.4.0/24
  • Permit 192.168.4.0/24 → 192.168.5.0/24
  • Deny 192.168.5.0/28 → 192.168.5.16/28
  • Deny 192.168.14.0/24 → 192.168.5.16/28
  • Deny 192.168.0.0/24 → 192.168.5.0/24

Options

  • A. Deny 192.168.0.0/24 → 192.168.5.0/24
  • B. Deny 192.168.5.0/28 → 192.168.5.16/28
  • C. Deny 192.168.14.0/24 → 192.168.5.16/28
  • D. Implicit Deny rule

Explanation

To identify the blocking rule, calculate the subnets: 192.168.5.0/28 covers addresses .0–.15 (the user at .14 falls here), and 192.168.5.16/28 covers addresses .16–.31 (the server at .17 falls here). The rule 'Deny 192.168.5.0/28 → 192.168.5.16/28' explicitly blocks traffic originating from the user's subnet (.0–.15) destined for the server's subnet (.16–.31). Since the user can reach other resources, it is not a broad implicit deny but this specific targeted deny rule that prevents access. Firewall ACLs are processed top-down, and this rule matches the user-to-server traffic before any implicit deny is reached.
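
The evaluation described above, as an added example that is not part of the original question or explanation: a first-match ACL evaluator run over the six rules from the question, in the order listed. The function names and the extra destination addresses (192.168.4.10, 10.0.0.1) are constructed for illustration.

```python
import ipaddress

# Rules exactly as listed in the question, in order: (action, source, destination).
RULES = [
    ("Permit", "192.168.5.16/28", "192.168.5.0/28"),
    ("Permit", "192.168.5.0/24", "192.168.4.0/24"),
    ("Permit", "192.168.4.0/24", "192.168.5.0/24"),
    ("Deny", "192.168.5.0/28", "192.168.5.16/28"),
    ("Deny", "192.168.14.0/24", "192.168.5.16/28"),
    ("Deny", "192.168.0.0/24", "192.168.5.0/24"),
]


def host_range(cidr):
    """Return the (first, last) address of a CIDR block as strings."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.broadcast_address)


def evaluate(src, dst, rules=RULES):
    """Top-down, first-match evaluation.

    Returns (action, 1-based rule number), or ("Implicit deny", None)
    when no listed rule matches both source and destination.
    """
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for number, (action, src_net, dst_net) in enumerate(rules, start=1):
        if (src_ip in ipaddress.ip_network(src_net)
                and dst_ip in ipaddress.ip_network(dst_net)):
            return action, number
    return "Implicit deny", None


if __name__ == "__main__":
    user, server = "192.168.5.14", "192.168.5.17"
    print("user subnet:  ", host_range("192.168.5.0/28"))
    print("server subnet:", host_range("192.168.5.16/28"))
    print("user -> server:", evaluate(user, server))
    print("server -> user:", evaluate(server, user))
    # Constructed destinations: one permitted by rule 2, one matching no rule.
    print("user -> 192.168.4.10:", evaluate(user, "192.168.4.10"))
    print("user -> 10.0.0.1:", evaluate(user, "10.0.0.1"))
```

The reverse direction (server to user) matches the first Permit rule, which shows that each rule is directional, and option C never matches because the user's address is in 192.168.5.0/24, not 192.168.14.0/24.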
