SY0-501 Question #508: Real Exam Question with Answer & Explanation
The correct answer is B: DLP. The log file shows traffic being dropped on Ann's local system, indicating a host-based security control is blocking outbound connections to the application on port 443.
Question
Ann, a user, reports she is unable to access an application from her desktop. A security analyst verifies Ann's access and checks the SIEM for any errors. The security analyst reviews the log file from Ann's system and notices the following output:
    2017--08-21 10:48:12 DROP TCP 172.20.89.232 239.255.255.255 443 1900 250 -------- RECEIVE
    2017--08-21 10:48:12 DROP UDP 192.168.72.205 239.255.255.255 443 1900 250 -------- RECEIVE
Which of the following is MOST likely preventing Ann from accessing the application from the desktop?
Options
- A. Web application firewall
- B. DLP
- C. Host-based firewall
- D. UTM
- E. Network-based firewall
Explanation
The log file shows traffic being dropped on Ann's local system, indicating a host-based security control is blocking outbound connections to the application on port 443.
Common mistakes.
- A. A web application firewall operates at the application layer on the server side to protect web applications, and its logs would not appear on Ann's local desktop system.
- B. Data Loss Prevention (DLP) solutions are designed to prevent unauthorized data exfiltration, not to block inbound/outbound network connections at the transport layer as shown in the log.
- D. A Unified Threat Management (UTM) appliance is a network-based device whose logs would appear on the UTM appliance itself, not on Ann's local desktop system.
- E. A network-based firewall operates on a separate network device, and its drop logs would be recorded on that device rather than appearing in the log file pulled from Ann's desktop system.
Concept tested. Identifying host-based firewall logs blocking application access