SY0-301 · Question #732
A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses
The correct answer is C. Access control lists. The security administrator is applying Access Control Lists (ACLs) by evaluating the requested port against known security risks and denying it based on policy.
Question
A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application's task. Which of the following is the security administrator practicing in this example?
Options
- AExplicit deny
- BPort security
- CAccess control lists
- DImplicit deny
How the community answered
(16 responses)- A6% (1)
- B19% (3)
- C69% (11)
- D6% (1)
Why each option
The security administrator is applying Access Control Lists (ACLs) by evaluating the requested port against known security risks and denying it based on policy.
Explicit deny is a specific ACL rule that actively blocks defined traffic, but the scenario describes a broader policy decision process, not a single explicit rule entry.
Port security refers specifically to switch-level controls limiting which MAC addresses can connect to a physical port, not firewall port filtering.
Access Control Lists are rule sets used to permit or deny traffic based on attributes such as port numbers. By evaluating the port request against a known threat (a virus-associated port) and denying it while suggesting an alternative, the administrator is actively managing and enforcing ACL-based firewall policy.
Implicit deny is the default deny-all rule at the end of an ACL that blocks unmatched traffic automatically, not an administrative decision to evaluate and reject a request.
Concept tested: Access control lists and port-based firewall policy
Source: https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html
Topics
Community Discussion
No community discussion yet for this question.