CompTIA Exam Questions

The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote
site. Which of the following would need to be implemented?

A. Implicit deny

B. VLAN management

C. Port security

D. Access control lists

Explanation:
In the OSI model, IP addressing and IP routing are performed at layer 3 (the network layer). In this question we need to control traffic on a layer 3 device, which is done with an access control list (ACL). In the ACL you specify which IP range (in this case, the IP subnet of the remote site) is allowed to pass through the router to the FTP server.
Traffic that comes into the router is compared to the ACL entries in the order in which they appear in the list. New statements are added to the end of the list. The router continues down the list until it finds a match. If no match is found when the router reaches the end of the list, the traffic is denied. For this reason, you should put the most frequently hit entries at the top of the list. There is an implied deny for any traffic that is not explicitly permitted.
Incorrect Answers:
A: Implicit deny is used in access control lists in applications, firewalls or routers. The idea is that everything is implicitly denied except what is explicitly allowed. For example, in a firewall ACL, you create ACL entries to allow traffic at the top of the list. If incoming traffic doesn't match the conditions of an allow ACL entry, the traffic is implicitly denied. However, in this question we need to configure an allow entry in an ACL so that the remote site can connect to the FTP server. Therefore, implicit deny is not the correct answer.
B: VLAN management is the process of managing VLANs on network switches. Switches (and therefore VLANs) operate at layer 2 of the OSI model.
C: Port security works at layer 2 of the OSI model and allows an administrator to configure switch ports so that only certain MAC addresses can use the port.
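The top-down, first-match processing with an implied deny described in the explanation, as an added example that is not part of the original question bank: a small Python model of an ordered ACL on a layer 3 device. The remote-site subnet 203.0.113.0/24, the FTP server 192.0.2.10 and the blocked host 203.0.113.99 are constructed values, and only the FTP control connection (TCP 21) is modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class AclEntry:
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network       # source network the entry applies to
    dst: ipaddress.IPv4Network       # destination network (a /32 for one host)
    dport: Optional[int] = None      # TCP destination port; None matches any port
    hits: int = 0                    # how often this entry matched (helps decide ordering)

    def matches(self, src_ip, dst_ip, dport):
        return (src_ip in self.src and dst_ip in self.dst
                and (self.dport is None or self.dport == dport))


class AccessList:
    """Ordered ACL: the first matching entry decides; no match means implicit deny."""

    def __init__(self):
        self.entries = []

    def add(self, action, src, dst, dport=None):
        # New statements always go to the end of the list, as on the router.
        self.entries.append(AclEntry(action, ipaddress.ip_network(src),
                                     ipaddress.ip_network(dst), dport))
        return self

    def evaluate(self, src_ip, dst_ip, dport):
        src_ip, dst_ip = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        for entry in self.entries:         # top-down, stop at the first match
            if entry.matches(src_ip, dst_ip, dport):
                entry.hits += 1
                return entry.action
        return "deny"                      # implied deny when the list is exhausted


def build_ftp_acl():
    # Constructed addresses: remote site 203.0.113.0/24, FTP server 192.0.2.10.
    # One host at the site is blocked first; the rest of the site may reach FTP control (TCP 21).
    return (AccessList()
            .add("deny", "203.0.113.99/32", "192.0.2.10/32")
            .add("permit", "203.0.113.0/24", "192.0.2.10/32", 21))


if __name__ == "__main__":
    acl = build_ftp_acl()
    for src, port in [("203.0.113.5", 21), ("203.0.113.5", 22),
                      ("203.0.113.99", 21), ("198.51.100.7", 21)]:
        print(src, port, acl.evaluate(src, "192.0.2.10", port))
```

Swapping the two entries would let 203.0.113.99 through, which is why entry order matters as much as entry content.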
