HOTSPOT
The security administrator has installed a new firewall which implements an implicit DENY policy
by default. Click on the firewall and configure it to allow ONLY the following communication.
1. The Accounting workstation can ONLY access the web server on the public network over the
default HTTPS port. The accounting workstation should not access other networks.
2. The HR workstation should be restricted to communicate with the Financial server ONLY, over
the default SCP port
3. The Admin workstation should ONLY be able to access the servers on the secure network over
the default TFTP port.
Instructions: The firewall will process the rules in a top-down manner in order as a first match The
port number must be typed in and only one port number can be entered per rule Type ANY for all
ports. The original firewall configuration can be reset at any time by pressing the reset button.
Once you have met the simulation requirements, click save and then Done to submit.

Answer: See the explanation

Explanation:

Implicit deny is the default security stance that says if you aren’t specifically granted access or
privileges for a resource, you’re denied access by default.
Rule #1 allows the Accounting workstation to ONLY access the web server on the public network

over the default HTTPS port, which is TCP port 443.
Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the
default SCP port, which is TCP Port 22
Rule #3 & Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing
servers located on the secure network over the default TFTP port, which is Port 69.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 26, 44
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers