CompTIACompTIA
XK0-005 · Question #333
XK0-005 Question #333: Real Exam Question with Answer & Explanation
The correct answer is B: ipset destroy internal-blocked. To completely remove an existing ipset set from the system, including all its associated entries, the ipset destroy command must be used.
Security
Question
An administrator received a request from a security officer to eliminate a blacklisting set called internal-blocked the company is using in the iptables firewall. Which of the following commands will complete the task?
Options
- Aipset swap internal-blocked none
- Bipset destroy internal-blocked
- Cipset del internal-blocked
- Dipset remove internal-blocked
Explanation
To completely remove an existing ipset set from the system, including all its associated entries, the ipset destroy command must be used.
Common mistakes.
- A. ipset swap replaces the contents of one set with another or an empty set, but it does not destroy the original set from the system.
- C. ipset del is used to remove a specific entry (like an IP address or network) from a set, not to delete the set itself.
- D. ipset remove is not a standard ipset command for deleting an entire set; del is used for entries, and destroy for the set itself.
Concept tested. iptables ipset management
Reference. https://man7.org/linux/man-pages/man8/ipset.8.html
Topics
#ipset#firewall management#network security#Linux commands
Community Discussion
No community discussion yet for this question.