Question

A Chief Security Officer (CSO) has been unsuccessful in attempts to access the website for a potential partner (www.example.net).

Which of the following rules is preventing the CSO from accessing the site? Blocked sites: *.nonews.com, *.rumorhasit.net, *.mars?

1. Rule 1: deny from inside to outside source any destination any service smtp
2. Rule 2: deny from inside to outside source any destination any service ping
3. Rule 3: deny from inside to outside source any destination {blocked sites} service http-https
4. Rule 4: deny from any to any source any destination any service any

______________________________________________________________________________________________________________________________

A security administrator is tasked with implementing centralized management of all network devices. Network administrators will be required to logon to network devices using their LDAP credentials. All command executed by network administrators on network devices must fall within a preset list of authorized commands and must be logged to a central facility.

Which of the following configuration commands should be implemented to enforce this requirement?

1. LDAP server 10.55.199.3
2. CN=company, CN=com, OU=netadmin, DC=192.32.10.233
3. SYSLOG SERVER 172.16.23.50
4. TACAS server 192.168.1.100

Answer 1

A Chief Security Officer (CSO) has been unsuccessful in attempts to access the website for a potential partner (www.example.net).Which of the following rules is preventing the CSO from accessing the site? Blocked sites: *.nonews.com, *.rumorhasit.net, *.mars?

Answer: Rule 3: deny from inside to outside source any destination {blocked sites} service http-https

Explanation:

I know you're confused between C and D. Technically both c and d are right, but the practicality of d being in place is very low.

'C' is a more direct reasonable answer as web traffic will primarily use http and https.

A security administrator is tasked with implementing centralized management of all network devices. Network administrators will be required to logon to network devices using their LDAP credentials. All command executed by network administrators on network devices must fall within a preset list of authorized commands and must be logged to a central facility.

Which of the following configuration commands should be implemented to enforce this requirement?

AnsweR: CN=company, CN=com, OU=netadmin, DC=192.32.10.233

Explanation:

There will be confusion as why D) cannot be the answer. It can be but only when you replace TACAS with TACACS+, then I believe D is the correct answer.

TACAS+ specs:

• TACACS+ allows centralised management of network devices.
• TACACS+ can be used to limit what commands can be entered on network devices. -
• TACACS+ can be used to log all the commands entered on network devices.

Since they have asked for a command not the server, option B will be correct here as it is a command.

The above answers are 100% correct.

If you have any doubts, leave a comment below and I'll help you out