Firewall PBQs: Understanding Cisco Cybersecurity Operations Fundamentals (200-201)
Difficulty: easy. Question 1 of 3
As a SOC analyst, you are reviewing the perimeter firewall rules after a security incident investigation. Your analysis of the firewall logs shows that the attacker used Telnet (port 23) from the internet to gain initial access to an internal server on the 192.168.1.0/24 subnet. Company policy mandates that only SSH (port 22) from the management subnet (10.0.0.0/8) is permitted for remote administration, and a default deny rule must be in place. Correct the firewall rules to prevent this type of attack.
Firewall Rules
| # | Direction | Source | Port | Protocol | Action |
|---|---|---|---|---|---|
| 1 | inbound | any | 443 | tcp | allow |
| 2 | inbound | any | 23 | tcp | allow |
Rules are evaluated top to bottom.
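The following added example (not part of the original question and not its answer key) models top-to-bottom, first-match evaluation and audits rule sets against the policy stated in the scenario. The `HARDENED` set is one assumed policy-consistent configuration that keeps the HTTPS rule; the probe addresses and all function names are constructed for illustration.

```python
import ipaddress

# Rule = (source CIDR, dest port, protocol, action); None is a wildcard.
# The page's "any" source is written as 0.0.0.0/0.
ORIGINAL = [
    ("0.0.0.0/0", 443, "tcp", "allow"),
    ("0.0.0.0/0", 23, "tcp", "allow"),    # Telnet from anywhere: the incident path
]
# Assumed policy-consistent set (not the quiz's answer key): HTTPS rule kept,
# SSH only from the management subnet, explicit default deny last.
HARDENED = [
    ("0.0.0.0/0", 443, "tcp", "allow"),
    ("10.0.0.0/8", 22, "tcp", "allow"),
    ("0.0.0.0/0", None, None, "deny"),
]
# Same rules with the deny moved to the top, to show why order matters.
MISORDERED = [HARDENED[2], HARDENED[0], HARDENED[1]]

# Constructed probes: (source IP, port, protocol, action the stated policy requires).
PROBES = [
    ("203.0.113.7", 23, "tcp", "deny"),   # internet Telnet
    ("203.0.113.7", 22, "tcp", "deny"),   # internet SSH
    ("10.1.2.3", 22, "tcp", "allow"),     # management SSH
    ("10.1.2.3", 23, "tcp", "deny"),      # management Telnet
]

def evaluate(rules, src_ip, port, proto):
    """Return the action of the first matching rule, top to bottom."""
    src = ipaddress.ip_address(src_ip)
    for cidr, r_port, r_proto, action in rules:
        if (src in ipaddress.ip_network(cidr)
                and r_port in (None, port)
                and r_proto in (None, proto)):
            return action
    return "no-match"  # no explicit default deny; result is device-dependent

def audit(rules):
    """Return the probes whose outcome differs from what the policy requires."""
    return [(ip, port, proto, want, got)
            for ip, port, proto, want in PROBES
            if (got := evaluate(rules, ip, port, proto)) != want]

if __name__ == "__main__":
    for name, rules in [("original", ORIGINAL), ("hardened", HARDENED),
                        ("misordered", MISORDERED)]:
        print(name, audit(rules))
```

The original table fails every probe: Telnet is allowed from any source, and traffic that matches no rule has no explicit deny to fall back on. The misordered set fails only the management SSH probe, because the deny rule shadows the allow rules below it.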

