Understanding Security+ Log Questions

Some readers have expressed some confusion related to various security logs that they might see on the Security+ exam. If you work in an IT job, you might see many of these logs on a regular basis but not all of them. With this in mind, I created a small bank of Security+ questions related to logs. Here’s a sample:

Sample Security+ Log Question

Question: Users are unable to connect to a web server at IP address 10.80.1.5. You look at the rules in a firewall’s ACL between the user’s system and the web server and see the following two rules:

permit tcp any host 10.80.1.15 eq 80
permit tcp any host 10.80.1.15 eq 443

From the following choices, what is the BEST answer to indicate what these rules imply?

A. The firewall is implementing an implicit deny policy

B. The firewall is implementing an explicit deny policy

C. The firewall has failed

D. The rules are configured with the wrong ports

To help them (and anyone else preparing for the Security+ exam), I created a small bank of Security+ questions related to logs.

Answer at end of blog.

If you have access to any online Security+ question test bank on the Get Certified Get Ahead premium site (http://gcgapremium.com/), you’ll see this listed as

“Security Log-based Practice Test Questions” on the Member Home page (http://gcgapremium.com/member-home/)

As with all of the questions in the test banks, each of these questions includes an in-depth explanation available when you complete the exam. Use these explanations to understand why the correct answers are correct and why the incorrect answers are incorrect. This way, no matter how CompTIA words the questions, you’ll be able to answer them correctly.

Wishing you the best of luck in all your adventures in 2014 and beyond.

Sample Security+ Log Question Answer

Question: Users are unable to connect to a web server at IP address 10.80.1.5. You look at the rules in a firewall’s ACL between the user’s system and the web server and see the following two rules:

permit tcp any host 10.80.1.15 eq 80
permit tcp any host 10.80.1.15 eq 443

From the following choices, what is the BEST answer to indicate what these rules imply?

A. The firewall is implementing an implicit deny policy

B. The firewall is implementing an explicit deny policy

C. The firewall has failed

D. The rules are configured with the wrong ports

Answer: A is correct. The firewall is implementing an implicit deny policy in the access control list (ACL). It is explicitly allowing traffic from any host to a host with an IP address of 10.80.1.15 when the TCP port equals 80 or 443. All other traffic that doesn’t meet the definition of one of these rules is implicitly denied. Since the web server has an IP of 10.80.1.5 (not 10.80.1.15), traffic is blocked.

B is incorrect. Traffic that is explicitly denied uses a deny statement such as: “deny tcp any host 10.80.1.15 eq 80”

C is incorrect. The firewall is successfully blocking traffic that isn’t allowed so it hasn’t failed.

D is incorrect. A web server uses Hypertext Transfer Protocol (HTTP) on port 80 and HTTP Secure (HTTPS) on port 443. The firewall is correctly using ports 80 and 443 for HTTP and HTTPS, respectively.

Additional Information: Check out this page for examples on how Cisco formats ACL rules.

Security+ Full Access Package

Pass the First Time!

Up-to-date Content

New multiple-choice and performance-based questions added regularly

Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.

Buy The Full Access Study Package Today

60 Days Access

Need more time? You can easily renew for another 60 days at a significantly reduced price.

All materials are available online shortly after making your payment.

Get the Security+ Full Access Study Package Here

Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.

This exam is expensive.

Make sure you’re ready before exam day. 

Here’s what you’ll get:

• All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-601 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
• Realistic SY0-601 Security+ Practice Test Questions
• Performance-based questions.
• All of the flashcards from the study guide. View them in any Web browser. See demo here
• All of the audio from the study guide.
• Access to a free discount code for 10% off your Security+ voucher.

Buy The Full Access Study Package Today

60 Days Access

All materials are available online shortly after making your payment.

Get the Security+ Full Access Study Package Here

Other Security+ Study Resources

• Security+ blogs organized by categories
• Security+ blogs with free practice test questions
• Security+ blogs on new performance based questions
• Mobile Apps: Apps for mobile devices running iOS or Android
• Audio Files: (Learn by listening with over 4 1/2 hours of audio on Security+ topics)
• Flashcards: 31 Security+ Topic flashcards and 17 Security+ acronyms flashcards (free samples)
• Quality Practice Test Questions: Over 475 quality Security+ practice test questions with full explanations
• Full Security+ Study Packages: Quality practice test questions, audio, and Flashcards)