nerdexam
CompTIA

SY0-301 · Question #732

A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses

The correct answer is C. Access control lists. The security administrator is applying Access Control Lists (ACLs) by evaluating the requested port against known security risks and denying it based on policy.

Security architecture

Question

A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application's task. Which of the following is the security administrator practicing in this example?

Options

  • AExplicit deny
  • BPort security
  • CAccess control lists
  • DImplicit deny

How the community answered

(16 responses)
  • A
    6% (1)
  • B
    19% (3)
  • C
    69% (11)
  • D
    6% (1)

Why each option

The security administrator is applying Access Control Lists (ACLs) by evaluating the requested port against known security risks and denying it based on policy.

AExplicit deny

Explicit deny is a specific ACL rule that actively blocks defined traffic, but the scenario describes a broader policy decision process, not a single explicit rule entry.

BPort security

Port security refers specifically to switch-level controls limiting which MAC addresses can connect to a physical port, not firewall port filtering.

CAccess control listsCorrect

Access Control Lists are rule sets used to permit or deny traffic based on attributes such as port numbers. By evaluating the port request against a known threat (a virus-associated port) and denying it while suggesting an alternative, the administrator is actively managing and enforcing ACL-based firewall policy.

DImplicit deny

Implicit deny is the default deny-all rule at the end of an ACL that blocks unmatched traffic automatically, not an administrative decision to evaluate and reject a request.

Concept tested: Access control lists and port-based firewall policy

Source: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html

Topics

#access control lists#firewall rules#port security#network security

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice