SIMULATION -
Compliance with company policy requires a quarterly review of firewall rules. You are asked to conduct a review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more secure. Given the following information perform the tasks listed below:
Untrusted zone: 0.0.0.0/0 -
User zone: USR 10.1.1.0/24 -
User zone: USR2 10.1.2.0/24 -
DB zone: 10.1.4.0/24 -
Web application zone: 10.1.5.0/24
Management zone: 10.1.10.0/24 -
Web server: 10.1.5.50 -
MS-SQL server: 10.1.4.70 -
MGMT platform: 10.1.10.250 -
Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports.
Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.
Task 1) A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.
Task 2) The firewall must be configured so that the SQL server can only receive requests from the web server.
Task 3) The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.
Task 4) Ensure the final rule is an explicit deny.
Task 5) Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.
Â
Suggested Answer: Please see the explanation below
Task 1: A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.
In Rule no. 1 edit the Action to Deny to block internet access from the management platform.
<img src="https://www.examtopics.com/assets/media/exam-media/04030/0005400001.png" alt="Reference Image" />
Task 2: The firewall must be configured so that the SQL server can only receive requests from the web server.
In Rule no. 6 from top, edit the Action to be Permit.
<img src="https://www.examtopics.com/assets/media/exam-media/04030/0005400002.png" alt="Reference Image" />
Task 3: The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.
In rule no. 5 from top, change the DST port to Any from 80 to allow all unencrypted traffic.
<img src="https://www.examtopics.com/assets/media/exam-media/04030/0005400003.png" alt="Reference Image" />
Task 4: Ensure the final rule is an explicit deny
Enter this at the bottom of the access list i.e. the line at the bottom of the rule:
<img src="https://www.examtopics.com/assets/media/exam-media/04030/0005400004.png" alt="Reference Image" />
Task 5: Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.
In Rule number 4 from top, edit the DST port to 443 from 80
<img src="https://www.examtopics.com/assets/media/exam-media/04030/0005500001.png" alt="Reference Image" />
This question is in CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam
For getting CompTIA Advanced Security Practitioner (CASP+) Certificate
Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA.
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.
