A company firewall engineer has configured a new DMZ to allow public systems to be located away from the
internal network. The engineer has three security zones set:
Untrust (Internet) – (Remote network = 217.77.88.0/24)
DMZ (DMZ) – (11.12.13.0/24)
Trust (Intranet) – (192.168.0.0/24)
The engineer wants to configure remote desktop access from a fixed IP on the remote network to a remote
desktop server in the DMZ. Which rule would best fit this requirement?
A.
Permit 217.77.88.0/24 11.12.13.0/24 RDP 3389
B.
Permit 217.77.88.12 11.12.13.50 RDP 3389
C.
Permit 217.77.88.12 11.12.13.0/24 RDP 3389
D.
Permit 217.77.88.0/24 11.12.13.50 RDP 3389
Wot? Now knowledge of the difference between a subnet address and a host address is a thing to be tested on in CEH?
Dumb question indeed, because of the word ‘fixed’ you need to infer that the engineer wants one single IP host from the remote network (217.77.88.0/24) connected to a single IP host in the DMZ network (11.12.13.0/24) and B is the only option that both remote IP address and DMZ IP address are single, indiviual hosts because the other 3 include a .0 in the final octet of one or both addresses (the network address).