XK0-005 Question #129: Real Exam Question with Answer & Explanation

Question

A Linux administrator has installed a web application firewall in front of a web server running on HTTP port 8080 and successfully started the HTTP server. However, after opening the application URL in an Internet browser, the administrator discovered that the application does not work. The administrator performed the following diagnostic steps: Output of command: sysctl -a Output of iptables -L command: Output of netstat -nltop | grep "8080": Which of the following is the NEXT step the administrator should perform to permanently fix the issue at the kernel level?

Options

• Asysctl -w net.ipv4.ip_forward=1 then run sysctl -w /etc/sysctl.conf to enable
• BEdit file and add then run
• CAdd iptables rule iptables -A INPUT -m state --state NEW -p tcp --dport 8080
• DAdd iptables rule iptables -A FORWARD-m state --state NEW -p tcp --dport 8080

Explanation

To permanently enable IP forwarding at the kernel level, the administrator should edit /etc/sysctl.conf to add net.ipv4.ip_forward=1 and then apply the changes using sysctl -p.

Common mistakes.

• A. The command sysctl -w net.ipv4.ip_forward=1 enables IP forwarding only temporarily until the next reboot. sysctl -w /etc/sysctl.conf is an incorrect syntax to make changes persistent; sysctl -p is used to load configuration from the file.
• C. Adding an INPUT iptables rule for port 8080 would allow direct connections to the firewall itself on port 8080, but it would not enable packet forwarding through the firewall to a backend server.
• D. Adding a FORWARD iptables rule is correct for allowing forwarded traffic, but this step follows enabling IP forwarding at the kernel level. Without net.ipv4.ip_forward=1, no forwarding occurs regardless of FORWARD chain rules.

Concept tested. Enabling and persistently configuring IP forwarding

Reference. https://man7.org/linux/man-pages/man8/sysctl.8.html

No community discussion yet for this question.