23 Dec Practice Test Question – Router Configuration Anti-Spoofing
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
Rudy is configuring a router that sits at the connection between his organization’s network and the Internet. He is concerned about spoofed packets and would like to configure the router to perform anti-spoofing filtering. Which one of the following source IP addresses should be blocked at the router for inbound traffic?
A. 12.168.1.100
B. 278.168.1.100
C. 192.168.1.100
D. 129.168.1.100
Correct Answer: C
12.168.1.100 and 129.168.1.100 are valid public IP addresses and should be permitted as inbound source addresses. 278.168.1.100 is not a valid IP address because the first octet is greater than 255. It does not need to be blocked because it is not possible. This leaves 192.168.1.100. This address is a private address and should never be seen as a source address on packets crossing an external network connection.
Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!
No Comments