ExamGecko
Search Search Login
Home Home / CompTIA / N10-008
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

The cybersecurity department needs to monitor historical IP network traffic on the WAN interface of the outside router without installing network sensors. Which of the following would be best to allow the department to complete this task?
Staff members notify a network technician that the wireless network is not working as expected and connectivity to wireless devices is intermittent. Some devices connect but then disconnect. The technician reviews the logs on the WAP controller and identifies thousands of connection attempts from unrecognized devices within a short amount of time. Which of the following is the most likely reason for the wireless network connectivity issue?
A firewall administrator observes log entries of traffic being allowed to a web server on port 80 and port 443. The policy for this server is to only allow traffic on port 443. The firewall administrator needs to investigate how this change occurred to prevent a reoccurrence. Which of the following should the firewall administrator do next?
Which of the following BEST describes a network appliance that warns of unapproved devices that are accessing the network?
A user is unable to perform a reverse DNS lookup of an IP address to a hostname. Which of the following DNS record types is missing?
Which of the following is the most accurate NTP time source that is capable of being accessed across a network connection?
A global company has acquired a local company. The companies are geographically separate. The IP address ranges for the two companies are as follows: * Global company: 10.0.0.0/16 * Local company: 10.0.0.0/24 Which of the following can the network engineer do to quickly connect the two companies?
A network administrator is designing a new datacenter in a different region that will need to communicate to the old datacenter with a secure connection. Which of the following access methods would provide the BEST security for this new datacenter?
A network is experiencing a number of CRC errors during normal network communication. At which of the following layers of the OSI model will the administrator MOST likely start to troubleshoot?
Which of the following records is the main type in a reverse DNS lookup zone?

Question 583 - N10-008 discussion

Report
Export

A security team updated a web server to require https:// in the URL. Although the IP address did not change, users report being unable to reach the site. Which of the following should the security team do to allow users to reach the server again?

A.
Configure the switch port with the correct VLAN.
Answers
A.
Configure the switch port with the correct VLAN.
B.
Configure inbound firewall rules to allow traffic to port 443.
Answers
B.
Configure inbound firewall rules to allow traffic to port 443.
C.
Configure the router to include the subnet of the server.
Answers
C.
Configure the router to include the subnet of the server.
D.
Configure the server with a default route.
Answers
D.
Configure the server with a default route.
Suggested answer: B

Explanation:

One possible reason why users are unable to reach the site after the security team updated the web server to require https:// in the URL is that the firewall rules are blocking the traffic to port 443. Port 443 is the default port for HTTPS, which is the protocol that encrypts and secures the web communication. If the firewall rules do not allow inbound traffic to port 443, then users will not be able to access the web server using HTTPS12.

To troubleshoot this issue, the security team should configure inbound firewall rules to allow traffic to port 443. This can be done by using the firewall-cmd command on RHEL 8.2, which is a tool that manages firewalld, the default firewall service on RHEL. The command to add a rule to allow traffic to port 443 is:

firewall-cmd --permanent --add-port=443/tcp

The --permanent option makes the rule persistent across reboots, and the --add-port option specifies the port number and protocol (TCP) to allow. After adding the rule, the security team should reload the firewalld service to apply the changes:

firewall-cmd --reload

The security team can verify that the rule is active by using this command:

firewall-cmd --list-ports

The output should show 443/tcp among the ports that are allowed34.

The other options are not relevant to troubleshooting this issue. Configuring the switch port with the correct VLAN may help with network segmentation or isolation, but it will not affect the HTTPS protocol or port. Configuring the router to include the subnet of the server may help with network routing or connectivity, but it will not enable HTTPS communication. Configuring the server with a default route may help with network access or reachability, but it will not allow HTTPS traffic.

Show Answer
asked 02/10/2024
saharat pinsaran
43 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms