Understanding Security+ Log Questions
Some readers have expressed confusion about the various security logs they might see on the Security+ exam. If you work in an IT job, you might see many of these logs regularly, but probably not all of them. With this in mind, I created a small bank of Security+ questions related to logs. Here’s a sample:
Sample Security+ Log Question
Question: Users are unable to connect to a web server at IP address 10.80.1.5. You look at the rules in a firewall’s ACL between the user’s system and the web server and see the following two rules:
permit tcp any host 10.80.1.15 eq 80
permit tcp any host 10.80.1.15 eq 443
From the following choices, what is the BEST answer to indicate what these rules imply?
A. The firewall is implementing an implicit deny policy
B. The firewall is implementing an explicit deny policy
C. The firewall has failed
D. The rules are configured with the wrong ports
Answer at end of blog.
If you have access to any online Security+ question test bank on the Get Certified Get Ahead premium site (http://gcgapremium.com/), you’ll see this listed as “Security Log-based Practice Test Questions” on the Member Home page (http://gcgapremium.com/member-home/).
As with all of the questions in the test banks, each of these questions includes an in-depth explanation available when you complete the exam. Use these explanations to understand why the correct answers are correct and why the incorrect answers are incorrect. This way, no matter how CompTIA words the questions, you’ll be able to answer them correctly.
Wishing you the best of luck in all your adventures in 2014 and beyond.
Sample Security+ Log Question Answer
Question: Users are unable to connect to a web server at IP address 10.80.1.5. You look at the rules in a firewall’s ACL between the user’s system and the web server and see the following two rules:
permit tcp any host 10.80.1.15 eq 80
permit tcp any host 10.80.1.15 eq 443
From the following choices, what is the BEST answer to indicate what these rules imply?
A. The firewall is implementing an implicit deny policy
B. The firewall is implementing an explicit deny policy
C. The firewall has failed
D. The rules are configured with the wrong ports
Answer: A is correct. The firewall is implementing an implicit deny policy in the access control list (ACL). It is explicitly allowing traffic from any host to a host with an IP address of 10.80.1.15 when the TCP port equals 80 or 443. All other traffic that doesn’t meet the definition of one of these rules is implicitly denied. Since the web server has an IP of 10.80.1.5 (not 10.80.1.15), traffic is blocked.
B is incorrect. Traffic that is explicitly denied uses a deny statement such as: “deny tcp any host 10.80.1.15 eq 80”.
C is incorrect. The firewall is successfully blocking traffic that isn’t allowed so it hasn’t failed.
D is incorrect. A web server uses Hypertext Transfer Protocol (HTTP) on port 80 and HTTP Secure (HTTPS) on port 443. The firewall is correctly using ports 80 and 443 for HTTP and HTTPS, respectively.
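To make the first-match-then-implicit-deny behavior concrete, here is a small ACL evaluator I have added as an illustration. It is example code, not part of the original post and not a real firewall or Cisco implementation: it understands only the subset of extended ACL syntax used in the question (permit/deny, a protocol, any/host/wildcard address specs, and an optional eq port), and it uses Python’s standard ipaddress module. The sample ACL lines are the two from the question; the explicit deny line is the one quoted in the answer explanation.

```python
"""Toy evaluator for Cisco-style extended ACL lines (added example, not the
post's own code). It shows first-match evaluation and the implicit deny that
applies when no rule matches, which is why 10.80.1.5 is blocked by rules
written for 10.80.1.15.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The two ACL lines from the sample question.
SAMPLE_ACL = [
    "permit tcp any host 10.80.1.15 eq 80",
    "permit tcp any host 10.80.1.15 eq 443",
]

# The explicit deny statement quoted in the answer explanation, placed ahead
# of the permits so that it is matched first.
EXPLICIT_DENY_ACL = ["deny tcp any host 10.80.1.15 eq 80"] + SAMPLE_ACL


@dataclass
class Rule:
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp" or "ip" (ip matches any protocol)
    src: ipaddress.IPv4Network  # source address spec
    dst: ipaddress.IPv4Network  # destination address spec
    dport: Optional[int]        # None means any destination port
    text: str                   # the original ACL line, for reporting


def _parse_addr(tokens, i):
    """Consume an address spec at tokens[i] and return (network, next_index).

    Accepts 'any', 'host A.B.C.D', or 'A.B.C.D wildcard-mask' (Cisco style).
    """
    tok = tokens[i]
    if tok == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    # Address plus Cisco wildcard mask: invert the wildcard to get a netmask.
    addr, wildcard = tokens[i], tokens[i + 1]
    netmask = ".".join(str(255 - int(octet)) for octet in wildcard.split("."))
    return ipaddress.IPv4Network(f"{addr}/{netmask}", strict=False), i + 2


def parse_rule(line):
    """Parse one ACL line of the supported subset into a Rule."""
    tokens = line.split()
    action, proto = tokens[0], tokens[1]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in ACL line: {line!r}")
    src, i = _parse_addr(tokens, 2)
    dst, i = _parse_addr(tokens, i)
    dport = None
    if i < len(tokens) and tokens[i] == "eq":
        dport = int(tokens[i + 1])
    return Rule(action, proto, src, dst, dport, line)


def evaluate(acl_lines, proto, src_ip, dst_ip, dst_port):
    """Return (decision, reason) for one packet.

    Rules are tried top to bottom and the first match wins. If nothing
    matches, the ACL's implicit deny applies.
    """
    src, dst = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
    for rule in map(parse_rule, acl_lines):
        if rule.proto not in ("ip", proto):
            continue
        if src not in rule.src or dst not in rule.dst:
            continue
        if rule.dport is not None and rule.dport != dst_port:
            continue
        return rule.action, rule.text
    return "deny", "implicit deny (no matching rule)"


if __name__ == "__main__":
    # 192.0.2.10 is a constructed client address (documentation range).
    for dst in ("10.80.1.5", "10.80.1.15"):
        for port in (80, 443, 22):
            print(dst, port, evaluate(SAMPLE_ACL, "tcp", "192.0.2.10", dst, port))
```

Running it prints a permit only for 10.80.1.15 on ports 80 and 443; every packet to 10.80.1.5, and port 22 on either host, falls through to the implicit deny at the bottom of the list. Swapping in EXPLICIT_DENY_ACL shows the difference between answers A and B: port 80 to 10.80.1.15 is then blocked by a named deny rule rather than by the absence of a matching permit.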
Additional Information: Check out this page for examples on how Cisco formats ACL rules.
Other Security+ Study Resources
- Security+ blogs organized by categories
- Security+ blogs with free practice test questions
- Security+ blogs on new performance based questions
- Mobile Apps: Apps for mobile devices running iOS or Android
- Audio Files: Learn by listening with over 4 1/2 hours of audio on Security+ topics
- Flashcards: 31 Security+ Topic flashcards and 17 Security+ acronyms flashcards (free samples)
- Quality Practice Test Questions: Over 475 quality Security+ practice test questions with full explanations
- Full Security+ Study Packages: Quality practice test questions, audio, and flashcards
Just wanted to send out a thank you! The premium access served well. I passed the SY0-401 this Saturday and what a relief it is!
Congratulations Carlos! That’s awesome news and good to hear the premium access helped you. Good luck with your next adventure.
Darril