Exam SY0-601
Question 733

SIMULATION

A company recently added a DR site and is redesigning the network. Users at the DR site are having issues browsing websites.

INSTRUCTIONS

Click on each firewall to do the following:

1. Deny cleartext web traffic.

2. Ensure secure management protocols are used.

3. Resolve issues at the DR site.

The ruleset order cannot be modified due to outside constraints.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    Correct Answer:

Discussion
WinEH

FW1:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 10.0.0.1/24 > ANY > HTTPS > PERMIT
Management: ANY > ANY > SSH > PERMIT
HTTPS Inbound: ANY > 10.0.0.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY

FW2:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 10.0.1.1/24 > ANY > HTTPS > PERMIT
Management: ANY > ANY > SSH > PERMIT
HTTPS Inbound: ANY > 10.0.1.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY

FW3:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 192.168.0.1/24 > ANY > HTTPS > PERMIT
Management: ANY > ANY > SSH > PERMIT
HTTPS Inbound: ANY > 192.168.0.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY

dax61

Why is Management configured as ANY > ANY? Does it not mean anyone can SSH to the systems within the firewall? Example: for firewall 1, should it be ANY > 10.0.0.1/24 > SSH > PERMIT?

WinEH

That's a good point. I thought as long as it is SSH, any > any should be fine. It still works though. I might change the Management rule anyway to:
FW1: any > 10.0.0.1/24 > SSH > Permit
FW2: any > 10.0.1.1/24 > SSH > Permit
FW3: any > 192.168.0.1/24 > SSH > Permit

WinEH

Say for example, I am currently working on one of the web servers and trying to connect to email server or the other web server via SSH. It will allow me to do so. As per the requirement, it still satisfies the below conditions as long as it is SSH:
1. Deny cleartext web traffic.
2. Ensure secure management protocols are used.

AbdullahMohammad251

I think the HTTP inbound rule for the 3 firewalls should be as follows:
FW1: HTTP inbound: ANY > 10.0.0.1/24 > HTTP > DENY
FW2: HTTP inbound: ANY > 10.0.1.1/24 > HTTP > DENY
FW3: HTTP inbound: ANY > 192.168.0.1/24 > HTTP > DENY

AbdullahMohammad251

Email servers & web servers typically do not respond to DNS requests directly. Instead, they rely on DNS resolvers to handle DNS resolution on their behalf. They can only query DNS requests to reach other websites. So:
DNS for FW1: 10.0.0.1/24, ANY, DNS, permit
DNS for FW2: 10.0.1.1/24, ANY, DNS, permit
DNS for FW3: 192.168.0.1/24, ANY, DNS, permit
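
The scoping questions raised in the replies above (Management as ANY > ANY versus ANY > subnet, and the direction of the DNS rule) can be checked mechanically. The following is an added example, not part of the original thread or the exam simulation: a first-match evaluator that compares FW1 as posted with the scoped variant suggested in the replies. The flows, the host addresses, the assumption that every flow traverses FW1, and the trailing implicit deny are all assumptions.

```python
from ipaddress import ip_address, ip_network

def parse_rules(text):
    """Parse 'SRC > DST > SERVICE > ACTION' lines, the notation used in this thread."""
    return [tuple(f.strip().upper() for f in line.split(">"))
            for line in text.strip().splitlines()]

def covers(spec, addr):
    # 10.0.0.1/24 has host bits set; strict=False reads it as the 10.0.0.0/24 network.
    return spec == "ANY" or ip_address(addr) in ip_network(spec, strict=False)

def decide(rules, src, dst, svc):
    """First matching rule wins. The trailing implicit deny is an assumption."""
    for r_src, r_dst, r_svc, action in rules:
        if r_svc == svc and covers(r_src, src) and covers(r_dst, dst):
            return action
    return "DENY"

# FW1 as posted in the thread (rule order unchanged).
FW1_POSTED = parse_rules("""
ANY > ANY > DNS > PERMIT
10.0.0.1/24 > ANY > HTTPS > PERMIT
ANY > ANY > SSH > PERMIT
ANY > 10.0.0.1/24 > HTTPS > PERMIT
ANY > ANY > HTTP > DENY
""")

# Same order, with the DNS and Management scoping suggested in the replies.
FW1_SCOPED = parse_rules("""
10.0.0.1/24 > ANY > DNS > PERMIT
10.0.0.1/24 > ANY > HTTPS > PERMIT
ANY > 10.0.0.1/24 > SSH > PERMIT
ANY > 10.0.0.1/24 > HTTPS > PERMIT
ANY > ANY > HTTP > DENY
""")

# Constructed flows (src, dst, service); none of these hosts appear on the page.
FLOWS = [
    ("198.51.100.7", "10.0.0.10", "SSH"),    # admin into the protected segment
    ("10.0.0.10", "10.0.1.20", "SSH"),       # protected host out to another segment
    ("10.0.0.10", "203.0.113.53", "DNS"),    # protected host resolving a name
    ("198.51.100.7", "10.0.0.10", "DNS"),    # unsolicited DNS toward the segment
    ("198.51.100.7", "10.0.0.10", "HTTP"),   # cleartext web
]

def differences():
    """Flows whose verdict changes between the two rulesets."""
    return [(f, decide(FW1_POSTED, *f), decide(FW1_SCOPED, *f))
            for f in FLOWS if decide(FW1_POSTED, *f) != decide(FW1_SCOPED, *f)]
```

Only two of the five flows change verdict: SSH leaving the segment and DNS arriving from outside. Inbound management SSH, outbound name resolution, and the cleartext HTTP deny behave the same under both rulesets.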

JT4

Just passed the exam with a score of 800 on 10/28/23. About 90% of the questions are from here. This question is on the exam.

meister13

Good job! Were all your PBE questions the ones from here, or were some from the 501 version?

reto1

This was in the exam. All the questions were from 1-849. Make sure to understand the questions and the answers. Look it up and study all the details of every question. Don't just memorize it. Understand it and think how you can deploy or use it at your work or in an enterprise. Exam taken on Mar 2024.

maggie22

Was on my exam today. My PBQ no.2

ArunRavilla

FW1:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 10.0.0.1/24 > ANY > HTTPS > PERMIT
Management: ANY > 10.0.0.1/24 > SSH > PERMIT
HTTPS Inbound: ANY > 10.0.0.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY

FW2:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 10.0.1.1/24 > ANY > HTTPS > PERMIT
Management: ANY > 10.0.1.1/24 > SSH > PERMIT
HTTPS Inbound: ANY > 10.0.1.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY

FW3:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 192.168.0.1/24 > ANY > HTTPS > PERMIT
Management: ANY > 192.168.0.1/24 > SSH > PERMIT
HTTPS Inbound: ANY > 192.168.0.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY

HCM1985

I just think that HTTPS OUTBOUND on the DR site should be ANY > ANY, since the question states that userS (plural) are having issues connecting to websites.

Raven1366

28/01/24 just passed with 796. PBE questions 731, 733, 734, 153 were in the exam. I say 80% of questions are from here.

Padik

This was in the 11/20/2023 exam; scored 774/900.

Rumchata556

This was on my exam, 11/29/23

xBrynlee

I had this PBQ on the exam taken on 07/10/2024 (SEC+ 601)

BD69

Once again, the suggested answer is so wrong, it's not even funny.

Biru04

Shouldn't DNS only be allowed to a particular destination? For example, Firewall 1: DNS Rule: ANY > 10.0.0.1/24 > DNS > PERMIT

Coznet

QUESTION: FW2 connects to a MAIL server, so why do I need to permit (in/out-bound) HTTPS?

Coznet

Hey mods, please approve.

Fart2023

FW1:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 10.0.0.1/24 > ANY > HTTPS > PERMIT
Management: ANY > ANY > SSH > PERMIT
HTTPS Inbound: ANY > 10.0.0.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY

FW2:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 10.0.1.1/24 > ANY > HTTPS > PERMIT
Management: ANY > ANY > SSH > PERMIT
HTTPS Inbound: ANY > 10.0.1.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY

FW3:
DNS Rule: ANY > ANY > DNS > PERMIT
HTTPS Outbound: 192.168.0.1/24 > ANY > HTTPS > PERMIT
Management: ANY > ANY > SSH > PERMIT
HTTPS Inbound: ANY > 192.168.0.1/24 > HTTPS > PERMIT
HTTP Inbound: ANY > ANY > HTTP > DENY

staticisthemix

04/09/24 this question was on the exam. I have a free account so I only went up to 400 questions; barely any of those MQ's showed up. I highly suggest you go over the comments and understand it to apply logic.

Andrii1137

This was on my exam 29.12.23

fryderyk

Just out of curiosity: why HTTPS inbound and outbound for email server?

bzona

This task was on the exam. I took it on November 2, 2023. Score 786/900. ALL PBQs on the exam were from here. I got 3 PBQs and 82/83 questions total. I do not recall what I answered on this one; I went with my knowledge. Make sure to get familiar with these settings, so no matter what you get you can handle the task. I got 30-40% of the questions from this dump, and only the simple ones; the questions that sweat me up were not in the dump. So make use of what examtopics have provided us to study well and pass the exam. Good luck!