Comptia Security Plus Mock Test Q49

Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following ACL?
PERMIT TCP ANY HOST 192.168.0.10 EQ 80
PERMIT TCP ANY HOST 192.168.0.10 EQ 443

A. It implements stateful packet filtering.
B. It implements bottom-up processing.
C. It failed closed.
D. It implements an implicit deny.

Correct Answer: D
Section: Network Security

Explanation:
Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. Implicit deny is the default response when an explicit allow or deny isn’t present.

Incorrect Answers:
A: Stateful packet filtering automatically creates a response rule for the replay on the fly. But that rule exists only as long as the conversation is taking place.

B: Bottom-up processing is a type of information processing based on incoming data from the environment to form a perception.

C: This option is a reaction to a failure, which has nothing to do with ACL’s

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 6, 26
http://en.wikipedia.org/wiki/Top-down_and_bottom-up_design