Please explain like I'm a 6 years old
I got this question wrong. I won't tell you what I answered, but I want to see what you will answer and get it wrong like me. Please also explain why you chose that answer as well. Thanks.
A database administrator contacts a security administrator to request firewall changes for a
connection to a new internal application. The security administrator notices that the new
application uses a port typically monopolized by a virus. The security administrator denies the
request and suggests a new port or service be used to complete the application’s task. Which of
the following is the security administrator practicing in this example?
A.
Explicit deny
B.
Port security
C.
Access control lists
D.
Implicit deny
A database administrator contacts a security administrator to request firewall changes for a
connection to a new internal application. The security administrator notices that the new
application uses a port typically monopolized by a virus. The security administrator denies the
request and suggests a new port or service be used to complete the application’s task. Which of
the following is the security administrator practicing in this example?
A.
Explicit deny
B.
Port security
C.
Access control lists
D.
Implicit deny
"If you want to kick the tiger in his ass, you'd better have a plan for dealing with his teeth."
Comments
-
McxRisley Member Posts: 494 ■■■■■□□□□□The answer is C. The question specifically calls out a firewall and ports and services. You have to read CompTIA questions very carefully.I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
-
NetworkNewb Member Posts: 3,298 ■■■■■■■■■□Access Control Lists, but I can see an argument for Implicit Deny too
-
mgeoffriau Member Posts: 162 ■■■□□□□□□□That's funny, I'd argue for Explicit Deny. The admin notices the port being used and chooses to deny it.CISSP || A+ || Network+ || Security+ || Project+ || Linux+ || Healthcare IT Technician || ITIL Foundation v3 || CEH || CHFI
M.S. Cybersecurity and Information Assurance, WGU -
TechGuru80 Member Posts: 1,539 ■■■■■■□□□□That’s a terrible question...the admin is using access control lists to control traffic...but he or she specifically is explicitly denying that port request.
-
mgeoffriau Member Posts: 162 ■■■□□□□□□□That's why I chose "explicit deny" -- they are using ACLs, but they are "practicing" explicit deny.CISSP || A+ || Network+ || Security+ || Project+ || Linux+ || Healthcare IT Technician || ITIL Foundation v3 || CEH || CHFI
M.S. Cybersecurity and Information Assurance, WGU -
TheFORCE Member Posts: 2,297 ■■■■■■■■□□Use next generation application layer firewall. Create a rule to allow application A on port xyz. Even if a virus ises that port it wont pass.
-
si20 Member Posts: 543 ■■■■■□□□□□I got this question wrong. I won't tell you what I answered, but I want to see what you will answer and get it wrong like me. Please also explain why you chose that answer as well. Thanks.
A database administrator contacts a security administrator to request firewall changes for a
connection to a new internal application. The security administrator notices that the new
application uses a port typically monopolized by a virus. The security administrator denies the
request and suggests a new port or service be used to complete the application’s task. Which of
the following is the security administrator practicing in this example?
A.
Explicit deny
B.
Port security
C.
Access control lists
D.
Implicit deny
Ok, so here's my thought process:
database administrator - not relevant. Security administrator - not too relevant. The key bits of info we see are: firewall change to block a port. The question is asking which of the 4 options describes blocking a port on a firewall.
I would go for A) Explicit deny.
However, some people in the thread are saying C. And that's because the exact same thing can be achieved via an Access control list OR Explicit Deny.
Let's take a look at an example:
access-list 102 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 102 deny ip any any
That first line is saying the firewall should permit any IP from those ranges.
Then the next rule is an explicit deny on any ip and on any port.
now going back to the question, the security admin wants to block a port on the firewall, well he can do that by
adding a line like this:
access-list 102 deny ip any 134 (I made up port 134, the question doesn't specify what port to block)
(example modified from https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html)
Now the firewall rules look like this:
access-list 102 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 102 deny ip any 134
access-list 102 deny ip any any
so the Answer would be C. BUT this is completely stupid because the line below says 'any any',
which means it's going to block any IP and any PORT that doesn't match.
To further complicate things, if the rule looked like this:
access-list 102 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 102 deny ip any 134
then the answer is 100% A) explicit deny. Even though you could argue my 3 liner is A) explicit deny as well.
In short: this is a completely ridiculous question and quite typical of what I see in the Sec+. I have to say,
I am not enjoying studying it myself.
An explicit deny and an ACL is basically the same thing - because you're denying the traffic EXPLICITLY.....using an ACL. Stupid question. -
si20 Member Posts: 543 ■■■■■□□□□□NetworkNewb wrote: »Access Control Lists, but I can see an argument for Implicit Deny too
That's the thing - it could be anything. Without seeing the rule and having more content it's just a best-guess. I'm finding there are lots of questions in the Sec+ like this and it's actually making me think the cert is a waste of time. -
E Double U Member Posts: 2,238 ■■■■■■■■■■
The security administrator denies the request...
A. Explicit deny
My vote is A because the text says he denies the request. I wouldn't say C because the text doesn't say the sec admin actually implemented anything on the fw. I'm looking at this like receiving a change request, reviewing it, and saying approved or rejected. If I reject, I state why and suggest an alternative.Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS -
McxRisley Member Posts: 494 ■■■■■□□□□□I got this question wrong. I won't tell you what I answered, but I want to see what you will answer and get it wrong like me. Please also explain why you chose that answer as well. Thanks.
A database administrator contacts a security administrator to request firewall changes for a
connection to a new internal application. The security administrator notices that the new
application uses a port typically monopolized by a virus. The security administrator denies the
request and suggests a new port or service be used to complete the application’s task. Which of
the following is the security administrator practicing in this example?
A.
Explicit deny
B.
Port security
C.
Access control lists
D.
Implicit deny
They key things here are "The security administrator notices that the new application uses a port typically monopolized by a virus." and "The security administrator denies the request and suggests a new port or service be used to complete the application’s task." The admin does not use Explicit Deny because the rule is already in place through the use of ACLs, he denied the DBA's request to change the ACL.
Also some quick googling will turn up that the Answer is C. LOL!I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect. -
Mitechniq Member Posts: 286 ■■■■□□□□□□C is correct, the DBA is a making a request to open a port that currently is being blocked. This is normally done through a Firewall Exception request form - because it was rejected there was no changes made to the state of the firewall.
The firewall is currently configured with a implicit deny or whitelist however the Security administrator is 'practicing' ACL's or a document that tracks approvals/denials of firewall exceptions. A paper trail of why something was denied or more important why it was accepted is crucial if an attack originates from that port after it has been opened. -
si20 Member Posts: 543 ■■■■■□□□□□They key things here are "The security administrator notices that the new application uses a port typically monopolized by a virus." and "The security administrator denies the request and suggests a new port or service be used to complete the application’s task." The admin does not use Explicit Deny because the rule is already in place through the use of ACLs, he denied the DBA's request to change the ACL.
Also some quick googling will turn up that the Answer is C. LOL!
You mean an implicit deny, surely? The question itself doesn't say there's an explicit deny in the ACL That's the problem with the question - it isn't black and white - it leaves you with more questions than answers.
The fact we're all debating this shows that the question is poor at best. I'd hate to fail an exam on this kind of question. The way it's worded makes it sound like A is the correct answer. -
mgeoffriau Member Posts: 162 ■■■□□□□□□□Yup, I definitely didn't catch that the blocking rule was already in place by default.
So, there may indeed be a "best" answer, but it (like many exam questions) is ramping up the difficulty by obfuscating the point of the question. It is ultimately testing your ability to work your way through a poorly written question rather than testing your actual knowledge of the material.CISSP || A+ || Network+ || Security+ || Project+ || Linux+ || Healthcare IT Technician || ITIL Foundation v3 || CEH || CHFI
M.S. Cybersecurity and Information Assurance, WGU -
McxRisley Member Posts: 494 ■■■■■□□□□□You mean an implicit deny, surely? The question itself doesn't say there's an explicit deny in the ACL That's the problem with the question - it isn't black and white - it leaves you with more questions than answers.
The fact we're all debating this shows that the question is poor at best. I'd hate to fail an exam on this kind of question. The way it's worded makes it sound like A is the correct answer.
Nope I mean an ACL, this question is pretty cut and dry for me. These types of questions are designed to make you overthink the answer and CompTIA is VERY good at writing them, just take the CASP if you don't believe me lolI'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect. -
deadjoe Member Posts: 24 ■■■□□□□□□□The DB admin is requesting access to an internal application. Best practice for outside to inside is implicitly deny everything, then explicitly allow what you need (deny everything that is not explicitly allowed).
By making no changes the security admin is practicing implicit deny. -
trueshrewkmc Member Posts: 107I'm zeroing in on the "using a port typically monopolized by a virus" part. Which answer best fits firewall rules to block known viruses? Implicit deny.
-
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□I say the question is very bad That's something that happen
It is a change request that was denied because the port requested is used by a virus,he even suggest another port or service, implying that he advise that another service (or protocol) could be choosen for the application.
So nothing technical happened, however the port is probably already not allowed at all. So the last rule of the firewall chain would apply.
If I had to choose an answer, I would choose D : Implicit Deny. It is the less worse answer to this bad question.