PrepAway - Latest Free Exam Questions & Answers

Which Rule is responsible?

You review this Security Policy because Rule 4 is inhibited.

Which Rule is responsible?

PrepAway - Latest Free Exam Questions & Answers

A.
Rule 1

B.
Rule 2

C.
Rule 3

D.
No rule inhibits Rule 4.

Explanation:

4 Comments on “Which Rule is responsible?

  3. shaaa says:

    With User Auth, the user does not connect directly to the gateway, but initiates a connection to the target server.
    Rule 3 dropped those connections.
    The solution is to put user auth rules above stealth rules.




    0



    0
  4. akiban says:

    My opinion is C, let me explain my understanding as below:
    1. What is User Authentication:
    User Authentication provides authentication for Telnet, FTP, HTTP, and rlogin services. By default, User Authentication is transparent. The user does not connect directly to the gateway, but initiates a connection to the target server.

    The following is a typical User Authentication method workflow:

    The Security Gateway intercepts the communication between the client and server.
    The Security Gateway prompts the user for a user name and password.
    If the user successfully authenticates, the gateway passes the connection to the remote host. If incorrect credentials are presented, the user is prompted to re-enter the data. After a predefined number of unsuccessful connection attempts, the connection is dropped.
    The remote host prompts the user for a user name and password.

    => So we have a simple understanding for user authentication below:
    User client ========== Security Gateway (Transparent) ========== Server Authentication.

    2. Configure Client Authentication Rule
    Place all Client Authentication Rules ABOVE the rule that prevents direct connections to the Security Gateway (the Stealth Rule) to ensure that they have access to the Security Gateway.

    Back to this situation, we have a simple diagram:
    User client ===== Security Gateway(fwsingapore) ===== Server Authentication (Websingapore).

    The fwsingapore is transparent, it will request User client input the credential and forward credential to Websingapore for authentication. Websingapore will confirm to fwsingapore if this credential is correct or not. However,because the Stealth Rule denied all connections to fwsingapore and it places ABOVE the User Authentication rule, so it will also deny the authentication connection between User client and Websingapore.

    That is my explanation for this. If you have other explanation, please share your idea. Thank you.




    0



    0

Leave a Reply