26 Aug Practice Test Question-Port Restrictions
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
Joe is using a virtual server instance running on a public cloud provider and would like to restrict the ports on that server accessible from the Internet. What security control would best allow him to meet this need?
A. Geofencing
B. Network traffic inspection
C. Network firewall
D. Network security groups
Correct Answer: D
Joe would not be able to modify the network firewall rules because those are only available to the cloud provider. Geofencing would restrict the geographic locations from which users may access the servers, which is not Joe’s requirement. Traffic inspection may be used to examine the traffic reaching the instance but is not normally used to create port-based restrictions, making it another incorrect answer. Network security groups however, provide functionality equivalent to network firewalls for cloud-hosted server instances. They allow the restriction of traffic that may reach a server instance, making Network security groups our correct answer.
Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!
No Comments