  1. #1 coldbug (Senior Member). Joined Dec 2005; Germantown, MD; 191 posts. Certifications: A.A/A+/Network+

    Please explain like I'm 6 years old

    I got this question wrong. I won't tell you what I answered, but I want to see what you will answer and get it wrong like me. Please also explain why you chose that answer as well. Thanks.

    A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application’s task. Which of the following is the security administrator practicing in this example?

    A. Explicit deny
    B. Port security
    C. Access control lists
    D. Implicit deny
    "If you want to kick the tiger in his ass, you'd better have a plan for dealing with his teeth."

  2. #2 McxRisley (Senior Member). Joined May 2016; 352 posts. Certifications: Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, CSAE, C|EH, OSCP, Splunk Certified User, Splunk Certified Power User, Splunk Certified Admin
    The answer is C. The question specifically calls out a firewall and ports and services. You have to read CompTIA questions very carefully.
    Last edited by McxRisley; 12-08-2017 at 06:27 PM.

  3. #3 NetworkNewb (They are watching you). Joined Feb 2015; Off the grid; 2,824 posts. Certifications: A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    Access Control Lists, but I can see an argument for Implicit Deny too

  4. #4 Senior Member. Joined Apr 2016; 129 posts.
    That's funny, I'd argue for Explicit Deny. The admin notices the port being used and chooses to deny it.
    A+ || Network+ || Security+ || Project+ || Healthcare IT Technician || ITIL Foundation v3 || CEH || CHFI
    M.S. Cybersecurity and Information Assurance, WGU

  5. #5 Senior Member. Joined May 2013; 1,417 posts. Certifications: CISSP, CISA, GWAPT, GSEC
    That’s a terrible question... the admin is using access control lists to control traffic... but he or she specifically is explicitly denying that port request.

  6. #6 Senior Member. Joined Apr 2016; 129 posts.
    That's why I chose "explicit deny" -- they are using ACLs, but they are "practicing" explicit deny.
    A+ || Network+ || Security+ || Project+ || Healthcare IT Technician || ITIL Foundation v3 || CEH || CHFI
    M.S. Cybersecurity and Information Assurance, WGU

  7. #7 Senior Member. Joined May 2006; 2,146 posts. Certifications: CISSP, CCSP, CCNA Cyber Ops, eJPT, ITIL, PA ACE, Qualys Certified Specialist, A+
    Use a next-generation application-layer firewall. Create a rule to allow application A on port xyz. Even if a virus uses that port it won't pass.

  8. #8 si20 (Senior Member). Joined May 2014; UK; 445 posts. Certifications: MCDST, MCP, BSc Computer Forensics, MTA: 98-366, OSWP, OSCP, FJSE, ACE, PGCert, Linux+
    Quote Originally Posted by coldbug:
    I got this question wrong. I won't tell you what I answered, but I want to see what you will answer and get it wrong like me. Please also explain why you chose that answer as well. Thanks.

    A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application’s task. Which of the following is the security administrator practicing in this example?

    A. Explicit deny
    B. Port security
    C. Access control lists
    D. Implicit deny
    Ok, so here's my thought process:

    database administrator - not relevant. Security administrator - not too relevant. The key bits of info we see are: firewall change to block a port. The question is asking which of the 4 options describes blocking a port on a firewall.

    I would go for A) Explicit deny.

    However, some people in the thread are saying C. And that's because the exact same thing can be achieved via an Access control list OR Explicit Deny.

    Let's take a look at an example:


    access-list 102 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
    access-list 102 deny ip any any

    That first line is saying the firewall should permit any IP from those ranges.
    Then the next rule is an explicit deny on any ip and on any port.

    Now going back to the question, the security admin wants to block a port on the firewall; well, he can do that by adding a line like this:

    access-list 102 deny tcp any any eq 134 (I made up port 134, the question doesn't specify what port to block)

    (example modified from https://www.cisco.com/c/en/us/suppor...cesslists.html)

    Now the firewall rules look like this:

    access-list 102 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
    access-list 102 deny tcp any any eq 134
    access-list 102 deny ip any any

    So the answer would be C. BUT this is completely stupid because the line below says 'any any', which means it's going to block any IP and any PORT that doesn't match.

    To further complicate things, if the rule looked like this:

    access-list 102 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
    access-list 102 deny tcp any any eq 134

    then the answer is 100% A) explicit deny. Even though you could argue my 3-liner is A) explicit deny as well.


    In short: this is a completely ridiculous question and quite typical of what I see in the Sec+. I have to say, I am not enjoying studying it myself.

    An explicit deny and an ACL is basically the same thing - because you're denying the traffic EXPLICITLY.....using an ACL. Stupid question.
    Last edited by si20; 12-11-2017 at 09:09 AM.
    Plans for early 2018: CompTIA Security+
    Plans for 2018/Beyond: MTA Software Development Fundamentals and see where that takes me

  9. #9 si20 (Senior Member). Joined May 2014; UK; 445 posts. Certifications: MCDST, MCP, BSc Computer Forensics, MTA: 98-366, OSWP, OSCP, FJSE, ACE, PGCert, Linux+
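    To make the explicit-versus-implicit distinction in si20's post concrete, here is a small first-match ACL evaluator (added example, not code from the thread or from Cisco). It parses the three-liner and two-liner above (port 134 is si20's made-up port) and reports whether a packet was permitted, denied by a written ACE, or denied only by the implicit deny at the end of the list; it also shows that a deny placed after a broader permit never sees traffic the permit already matched.

```python
import ipaddress
from dataclasses import dataclass

# Constructed from si20's example above; port 134 is his made-up port.
ACL_THREE_LINER = """
access-list 102 permit ip 10.1.1.0 0.0.0.255 172.16.1.0 0.0.0.255
access-list 102 deny tcp any any eq 134
access-list 102 deny ip any any
"""
ACL_TWO_LINER = "\n".join(ACL_THREE_LINER.strip().splitlines()[:2])

@dataclass
class Ace:
    action: str     # "permit" or "deny"
    proto: str      # "ip" matches every protocol
    src: tuple      # (network, wildcard) as 32-bit ints
    dst: tuple
    port: object    # destination port from "eq N", None = any port

def _parse_addr(tok, i):
    """'any' or 'A.B.C.D W.X.Y.Z' -> ((net, wildcard), next token index)."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    net, wild = (int(ipaddress.IPv4Address(t)) for t in tok[i:i + 2])
    return (net, wild), i + 2

def parse_acl(text):
    """Parse numbered Cisco-style extended ACL lines in the order written."""
    aces = []
    for line in text.strip().splitlines():
        tok = line.split()   # access-list <n> <action> <proto> <src> <dst> [eq <port>]
        src, i = _parse_addr(tok, 4)
        dst, i = _parse_addr(tok, i)
        port = int(tok[i + 1]) if i < len(tok) and tok[i] == "eq" else None
        aces.append(Ace(tok[2], tok[3], src, dst, port))
    return aces

def _addr_match(rule, ip):
    net, wild = rule
    mask = ~wild & 0xFFFFFFFF   # wildcard bits are "don't care"
    return (int(ipaddress.IPv4Address(ip)) & mask) == (net & mask)

def evaluate(aces, proto, src, dst, dport):
    """First-match evaluation. Returns (action, 'explicit'|'implicit', ace_no);
    a packet matching no ACE falls through to the implicit deny at the end."""
    for n, ace in enumerate(aces, 1):
        if ace.proto in ("ip", proto) and _addr_match(ace.src, src) \
                and _addr_match(ace.dst, dst) and ace.port in (None, dport):
            return ace.action, "explicit", n
    return "deny", "implicit", None
```

    Traffic between the two permitted subnets is permitted by ACE 1 even on port 134, because the first match wins; only traffic from elsewhere reaches the port-134 deny.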
    Quote Originally Posted by NetworkNewb:
    Access Control Lists, but I can see an argument for Implicit Deny too
    That's the thing - it could be anything. Without seeing the rule and having more content it's just a best-guess. I'm finding there are lots of questions in the Sec+ like this and it's actually making me think the cert is a waste of time.
    Plans for early 2018: CompTIA Security+
    Plans for 2018/Beyond: MTA Software Development Fundamentals and see where that takes me

  10. #10 E Double U (Senior Member). Joined Apr 2014; The Netherlands; 1,273 posts. Certifications: CISSP, CISM, GCIA, GCIH, C|EH, and more.
    Quote Originally Posted by coldbug:

    The security administrator denies the request...

    A. Explicit deny
    My vote is A because the text says he denies the request. I wouldn't say C because the text doesn't say the sec admin actually implemented anything on the fw. I'm looking at this like receiving a change request, reviewing it, and saying approved or rejected. If I reject, I state why and suggest an alternative.
    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson

  11. #11 McxRisley (Senior Member). Joined May 2016; 352 posts. Certifications: Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, CSAE, C|EH, OSCP, Splunk Certified User, Splunk Certified Power User, Splunk Certified Admin
    Quote Originally Posted by coldbug:
    I got this question wrong. I won't tell you what I answered, but I want to see what you will answer and get it wrong like me. Please also explain why you chose that answer as well. Thanks.

    A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application’s task. Which of the following is the security administrator practicing in this example?

    A. Explicit deny
    B. Port security
    C. Access control lists
    D. Implicit deny
    The key things here are "The security administrator notices that the new application uses a port typically monopolized by a virus." and "The security administrator denies the request and suggests a new port or service be used to complete the application’s task." The admin does not use Explicit Deny because the rule is already in place through the use of ACLs; he denied the DBA's request to change the ACL.

    Also some quick googling will turn up that the Answer is C. LOL!

  12. #12 Mitechniq (Senior Member). Joined Jun 2012; 279 posts. Certifications: CCNA, GIAC G2700, VCP5-DCV, C|EH, ISC2 CISSP, AWS-SAP (Most have Expired)
    C is correct. The DBA is making a request to open a port that is currently being blocked. This is normally done through a Firewall Exception request form; because it was rejected, there were no changes made to the state of the firewall.

    The firewall is currently configured with an implicit deny or whitelist; however, the Security administrator is 'practicing' ACLs, or a document that tracks approvals/denials of firewall exceptions. A paper trail of why something was denied, or more importantly why it was accepted, is crucial if an attack originates from that port after it has been opened.

  13. #13 si20 (Senior Member). Joined May 2014; UK; 445 posts. Certifications: MCDST, MCP, BSc Computer Forensics, MTA: 98-366, OSWP, OSCP, FJSE, ACE, PGCert, Linux+
    Quote Originally Posted by McxRisley:
    The key things here are "The security administrator notices that the new application uses a port typically monopolized by a virus." and "The security administrator denies the request and suggests a new port or service be used to complete the application’s task." The admin does not use Explicit Deny because the rule is already in place through the use of ACLs; he denied the DBA's request to change the ACL.

    Also some quick googling will turn up that the Answer is C. LOL!
    You mean an implicit deny, surely? The question itself doesn't say there's an explicit deny in the ACL. That's the problem with the question - it isn't black and white - it leaves you with more questions than answers.

    The fact we're all debating this shows that the question is poor at best. I'd hate to fail an exam on this kind of question. The way it's worded makes it sound like A is the correct answer.
    Plans for early 2018: CompTIA Security+
    Plans for 2018/Beyond: MTA Software Development Fundamentals and see where that takes me

  14. #14 Senior Member. Joined Apr 2016; 129 posts.
    Yup, I definitely didn't catch that the blocking rule was already in place by default.

    So, there may indeed be a "best" answer, but it (like many exam questions) is ramping up the difficulty by obfuscating the point of the question. It is ultimately testing your ability to work your way through a poorly written question rather than testing your actual knowledge of the material.
    A+ || Network+ || Security+ || Project+ || Healthcare IT Technician || ITIL Foundation v3 || CEH || CHFI
    M.S. Cybersecurity and Information Assurance, WGU

  15. #15 McxRisley (Senior Member). Joined May 2016; 352 posts. Certifications: Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, CSAE, C|EH, OSCP, Splunk Certified User, Splunk Certified Power User, Splunk Certified Admin
    Quote Originally Posted by si20:
    You mean an implicit deny, surely? The question itself doesn't say there's an explicit deny in the ACL. That's the problem with the question - it isn't black and white - it leaves you with more questions than answers.

    The fact we're all debating this shows that the question is poor at best. I'd hate to fail an exam on this kind of question. The way it's worded makes it sound like A is the correct answer.
    Nope, I mean an ACL; this question is pretty cut and dry for me. These types of questions are designed to make you overthink the answer and CompTIA is VERY good at writing them. Just take the CASP if you don't believe me lol

  16. #16 Junior Member. Joined Jan 2017; Africa; 14 posts. Certifications: OSCP, CISSP, CEH, PCNSE7, MCP...
    The DB admin is requesting access to an internal application. Best practice for outside to inside is implicitly deny everything, then explicitly allow what you need (deny everything that is not explicitly allowed).

    By making no changes the security admin is practicing implicit deny.
    Last edited by deadjoe; 12-11-2017 at 06:44 PM. Reason: spelling

  17. #17 Senior Member. Joined Aug 2016; Arizona (not a native); 103 posts. Certifications: CISSP, CASP, GCFA, C|EH v8, C|NDA, RDRP (Registered DoD RMF Practitioner), Sec+, MCSE-NT4, A+
    I'm zeroing in on the "using a port typically monopolized by a virus" part. Which answer best fits firewall rules to block known viruses? Implicit deny.

  18. #18 Senior Member. Joined Dec 2015; Quebec, Canada; 461 posts. Certifications: A+, Network+, Linux+, HP APS, VCP 3-4-5-6, VSP, VTSP, SSCP, Veeam VMCE, CISSP
    I say the question is very bad. That's something that happens.

    It is a change request that was denied because the port requested is used by a virus; he even suggests another port or service, implying that he advises that another service (or protocol) could be chosen for the application.

    So nothing technical happened; however, the port is probably already not allowed at all. So the last rule of the firewall chain would apply.

    If I had to choose an answer, I would choose D: Implicit Deny. It is the least bad answer to this bad question.