SY0-501 · Question #259
SY0-501 Question #259: Real Exam Question with Answer & Explanation
The correct answer is C: Rule 3: deny from inside to outside source any destination {blocked sites} service http-https. A Chief Security Officer cannot access a website, and the question asks which firewall rule based on a provided list of blocked sites is preventing access.
Question
A Chief Security Officer (CSO) has been unsuccessful in attempts to access the website for a accessing the site? Blocked sites: *.nonews.com, *.rumorhasit.net, *.mars?
Options
- ARule 1: deny from inside to outside source any destination any service smtp
- BRule 2: deny from inside to outside source any destination any service ping
- CRule 3: deny from inside to outside source any destination {blocked sites} service http-https
- DRule 4: deny from any to any source any destination any service any
Explanation
A Chief Security Officer cannot access a website, and the question asks which firewall rule based on a provided list of blocked sites is preventing access.
Common mistakes.
- A. This rule denies SMTP traffic, which is used for email communication and not for accessing websites.
- B. This rule denies ping traffic, which is used for network connectivity testing (ICMP) and not for accessing websites.
- D. This rule would deny all traffic to any destination and service, which is an overly broad block and does not specifically target the list of blocked websites as implied by the scenario.
Concept tested. Firewall content filtering and web access control
Reference. https://learn.microsoft.com/en-us/azure/firewall/fqdn-filtering
Community Discussion
No community discussion yet for this question.