CompTIA Network+ N10-006 Q778

A network security engineer is installing a new firewall to protect a single server that requires isolation from the majority of network resources. The server will require secure network access. Which of the following hardening steps should the engineer perform on the new firewall?

A. Drop inbound and outbound traffic on ports 20, 21, 23, and 53. Allow inbound and outbound SSH traffic. Block outbound traffic on port 80.
B. Block all ephemeral port numbers and UDP traffic at the firewall. Explicitly allow SSH traffic. Remove implicit deny statements for ports 53 and lower.
C. Explicitly allow traffic on ports 22 and 443. Explicitly deny all other traffic at the firewall internal and external interfaces.
D. Ensure the firewall OS is the latest version with all patches applied. Block traffic not seen in audit logs after a 48-hour test.

Correct Answer: C