XK0-005 Question #1569: Real Exam Question with Answer & Explanation
The correct answer is C: iptables -A INPUT -p tcp --dport ssh -s 2.2.2.2 -j REJECT.
Question
A Linux engineer needs to block an incoming connection from the IP address 2.2.2.2 to a secure shell server and ensure the originating IP address receives a response that a firewall is blocking the connection. Which of the following commands can be used to accomplish this task?
Options
- A. iptables -A INPUT -p tcp --dport ssh -s 2.2.2.2 -j DROP
- B. iptables -A INPUT -p tcp --dport ssh -s 2.2.2.2 -j RETURN
- C. iptables -A INPUT -p tcp --dport ssh -s 2.2.2.2 -j REJECT
- D. iptables -A INPUT -p tcp --dport ssh -s 2.2.2.2 -j QUEUE
Explanation
The REJECT target sends back an error packet to the source IP address, indicating that the connection is refused by the firewall. This is different from the DROP target, which silently discards the packet without any response. The RETURN target returns to the previous chain, which may or may not accept the connection. The QUEUE target passes the packet to a userspace application for further processing, which is not the desired outcome in this case.