Prepare for the CompTIA CySA+ Exam with our quizzes. Master essential cybersecurity skills with flashcards and multiple-choice questions, complete with hints and explanations to optimize your learning experience.

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

In a scenario where an unauthorized service is detected, what is the ideal ACL entry to prevent access on a specific port?

  1. ALLOW TCP HOST 71.168.10.45 EQ 3389

  2. DENY TCP ANY HOST 71.168.10.45 EQ 3389

  3. DENY UDP ANY HOST 71.168.10.45 EQ 3389

  4. BLOCK IP ANY HOST 71.168.10.45

The correct answer is: DENY TCP ANY HOST 71.168.10.45 EQ 3389

The ideal ACL entry blocks the unauthorized service on the specific port where it was detected. A "DENY" statement for TCP traffic on port 3389, which is commonly associated with Remote Desktop Protocol (RDP), prevents TCP traffic from any source from reaching that port on the host at the specified IP address. This ensures that no user, legitimate or unauthorized, can establish a TCP connection to the service running on that port. TCP is a connection-oriented protocol, and by specifying TCP with a "DENY" action, the rule stops any attempt to communicate over that port with the defined host.

The other entries either apply to a different protocol (UDP), lack specificity (using "BLOCK IP" without differentiating between protocols), or allow traffic instead of denying it. Denying TCP traffic on port 3389 closes off that entry point on the network, making it the most effective choice in this context.