nerdexam
CompTIA

SY0-301 · Question #874

The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented?

The correct answer is D. Access control lists. Access Control Lists (ACLs) are rule sets applied on Layer 3 devices (routers, Layer 3 switches, firewalls) that permit or deny traffic based on criteria such as source/destination IP addresses, protocols, and port numbers. To allow FTP traffic (TCP ports 20 and 21) from a new re

Security architecture

Question

The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented?

Options

  • AImplicit deny
  • BVLAN management
  • CPort security
  • DAccess control lists

How the community answered

(14 responses)
  • C
    7% (1)
  • D
    93% (13)

Explanation

Access Control Lists (ACLs) are rule sets applied on Layer 3 devices (routers, Layer 3 switches, firewalls) that permit or deny traffic based on criteria such as source/destination IP addresses, protocols, and port numbers. To allow FTP traffic (TCP ports 20 and 21) from a new remote site, the administrator would add ACL rules explicitly permitting that traffic. Implicit deny is a principle (all traffic not explicitly permitted is denied) already built into ACLs, not a separate implementation step. VLAN management segments networks at Layer 2 and does not directly control inter-site traffic. Port security is a Layer 2 feature that restricts which MAC addresses can access a switch port - not applicable for routing/traffic filtering at Layer 3.

Topics

#ACL#access control lists#layer 3#network traffic management

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice