Examice

Exam PCNSA All QuestionsBrowse all questions from this exam

Question 55

A server-admin in the USERS-zone requires SSH-access to all possible servers in all current and future Public Cloud environments. All other required connections have already been enabled between the USERS- and the OUTSIDE-zone. What configuration-changes should the Firewall-admin make?

Create a custom-service-object called SERVICE-SSH for destination-port-TCP-22. Create a security-rule between zone USERS and OUTSIDE to allow traffic from any source IP-address to any destination IP-address for SERVICE-SSH

Create a security-rule that allows traffic from zone USERS to OUTSIDE to allow traffic from any source IP-address to any destination IP-address for application SSH

In addition to option a, a custom-service-object called SERVICE-SSH-RETURN that contains source-port-TCP-22 should be created. A second security-rule is required that allows traffic from zone OUTSIDE to USERS for SERVICE-SSH-RETURN for any source-IP-address to any destination-Ip-address

In addition to option c, an additional rule from zone OUTSIDE to USERS for application SSH from any source-IP-address to any destination-IP-address is required to allow the return-traffic from the SSH-servers to reach the server-admin

Correct Answer: B

To allow the server-admin in the USERS zone to access all current and future servers within the Public Cloud environments through SSH, the firewall-admin should create a security rule that permits traffic from the USERS zone to the OUTSIDE zone for the SSH application. This would ensure that TCP port 22 is allowed for any source IP address and any destination IP address, which covers all possible servers that might be deployed in the future.

Discussion

manamiOption: B

not a good question because in the first words it mentions a user not any asthe source user, but in overall B is better tahn the other options!

rt_85

None of these are good options, guess I'll go with the group. Why would I allow any-any for ssh instead of something more specific with App-ID for the singular user that needs access.

PLOOption: B

The others are already pre-defined in a way. SSH is already port 22

Blender808Option: B

B ... for far from BEST practise

RahulGawale19Option: B

B is Correct