Comptia Security Plus Mock Test Q10

Pete, the system administrator, wishes to monitor and limit users’ access to external websites. Which of the following would BEST address this?

A. Block all traffic on port 80.
B. Implement NIDS.
C. Use server load balancers.
D. Install a proxy server.

Correct Answer: D
Section: Network Security

Explanation:
A proxy is a device that acts on behalf of other(s). In the interest of security, all internal user interaction with the Internet should be controlled through a proxy server. The proxy server should automatically block known malicious sites. The proxy server should cache often-accessed sites to improve performance.

Incorrect Answers:
A: A network-based IDS (NIDS) approach to IDS attaches the system to a point in the network where it can monitor and report on all network traffic.

B: This would block all web traffic, as port 80 is used for World Wide Web.

C: In its most common implementation, a load balancer splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become
available.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 98, 103, 111