Firewall PBQs: CompTIA Cyber Security Analyst (CS0-003)
Easy · Question 1 of 3
Your SOC has detected a brute-force attack against SSH and RDP from IP address 203.0.113.50. As part of your incident response, update the firewall to block all traffic from the attacker's IP, restrict SSH access to the admin subnet only, and remove unnecessary RDP exposure. HTTPS must remain accessible to all.
Firewall Rules
| # | Direction | Source | Port | Protocol | Action |
|---|---|---|---|---|---|
| 1 | inbound | any | 22 | tcp | allow |
| 2 | inbound | any | 3389 | tcp | allow |
| 3 | inbound | any | 443 | tcp | allow |
| 4 | inbound | any | any | any | deny |
Rules are evaluated top to bottom.
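
The following is an added example, not part of the original question: a first-match evaluator that audits the starting rules above against the scenario's requirements, then audits one candidate ruleset and a misordered copy of it. The admin subnet `10.0.10.0/24`, the candidate rulesets and the test source addresses are assumptions constructed for illustration; the page does not specify them.

```python
import ipaddress

ADMIN_NET = "10.0.10.0/24"   # assumption: the page does not give the admin subnet
ATTACKER = "203.0.113.50"    # attacker IP from the scenario

# Each rule is (source, port, protocol, action); "any" is a wildcard.
CURRENT = [                  # the four inbound rules shown in the table
    ("any", 22, "tcp", "allow"),
    ("any", 3389, "tcp", "allow"),
    ("any", 443, "tcp", "allow"),
    ("any", "any", "any", "deny"),
]
HARDENED = [                 # one candidate ruleset (constructed, not the page's key)
    (ATTACKER, "any", "any", "deny"),
    (ADMIN_NET, 22, "tcp", "allow"),
    ("any", 443, "tcp", "allow"),
    ("any", "any", "any", "deny"),
]
# Same rules, but the attacker block sits below the allow rules.
MISORDERED = [HARDENED[1], HARDENED[2], HARDENED[0], HARDENED[3]]

def decide(rules, src, port, proto="tcp"):
    """Return the action of the first matching rule, top to bottom; default deny."""
    ip = ipaddress.ip_address(src)
    for r_src, r_port, r_proto, action in rules:
        src_ok = r_src == "any" or ip in ipaddress.ip_network(r_src)
        if src_ok and r_port in ("any", port) and r_proto in ("any", proto):
            return action
    return "deny"

# Constructed test traffic: (description, source, port, expected action).
CHECKS = [
    ("attacker SSH", ATTACKER, 22, "deny"),
    ("attacker HTTPS", ATTACKER, 443, "deny"),
    ("admin SSH", "10.0.10.7", 22, "allow"),
    ("internet SSH", "198.51.100.9", 22, "deny"),
    ("internet RDP", "198.51.100.9", 3389, "deny"),
    ("internet HTTPS", "198.51.100.9", 443, "allow"),
]

def audit(rules):
    """Return the checks whose outcome differs from the expected action."""
    return [d for d, src, port, want in CHECKS if decide(rules, src, port) != want]

if __name__ == "__main__":
    for name, rules in (("current", CURRENT), ("hardened", HARDENED),
                        ("misordered", MISORDERED)):
        print(f"{name:10s} failed checks: {audit(rules)}")
```

The misordered case fails only the attacker HTTPS check: the broad HTTPS allow matches first, so the block rule further down is never reached.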

