CompTIA Security Plus Mock Test Q189

A security administrator must implement a firewall rule to allow remote employees to VPN onto the company network. The VPN concentrator implements SSL VPN over the standard HTTPS port. Which of the following is the MOST secure ACL to implement at the company’s gateway firewall?

A. PERMIT TCP FROM ANY 443 TO 199.70.5.25 443
B. PERMIT TCP FROM ANY ANY TO 199.70.5.23 ANY
C. PERMIT TCP FROM 199.70.5.23 ANY TO ANY ANY
D. PERMIT TCP FROM ANY 1024-65535 TO 199.70.5.23 443

Correct Answer: D
Section: Network Security

Explanation:
The default HTTPS port is port 443. When configuring SSL VPN you can change the default port for HTTPS to a port within the 1024-65535 range. This ACL will allow traffic from VPNs using the 1024-65535 port range to access the company network via company’s gateway firewall on port 443.

Incorrect Answers:
A: This This ACL will only allow traffic from VPNs using port to access the company network via company’s gateway firewall on port 443.
B: This ACL is not secure because it will allow all traffic through the company’s gateway firewall.
C: This is not a valid ACL format.

References:
http://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/4-4/user/guide/CSMUserGuide_wrapper/ravpnbas.html