CertNexus Exam CFR-410 Topic 9 Question 43 Discussion

Actual exam question for CertNexus's CFR-410 exam

Question #: 43
Topic #: 9

A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)

Aiptables -A INPUT -p tcp --dport 25 -d x.x.x.x -j ACCEPT

Biptables -A INPUT -p tcp --sport 25 -d x.x.x.x -j ACCEPT

Ciptables -A INPUT -p tcp --dport 25 -j DROP

Diptables -A INPUT -p tcp --destination-port 21 -j DROP

Eiptables -A FORWARD -p tcp --dport 6881:6889 -j DROP

Show Suggested Answer

Suggested Answer: B, E

by Ellen at Sep 10, 2024, 05:46 PM

Limited Time Offer

25%

Off

Get Premium CFR-410 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Yoko

14 days ago

You know, if this was a real-life SMTP attack, the best solution would be to just unplug the whole network. That'll stop the traffic for sure! But I guess that's not very practical.

upvoted 0 times

...

Katina

15 days ago

I agree with Vincenza. Options C and D are the correct choices here. Blocking the SMTP port 25 is the way to go to stop this attack.

upvoted 0 times

...

Queenie

18 days ago

Ha! Option E is clearly not the right answer. Blocking incoming traffic on port range 6881-6889 has nothing to do with stopping an SMTP attack. Someone's trying to be funny with that one.

upvoted 0 times

...

Natalya

19 days ago

I think Options A and B are incorrect because they are accepting SMTP traffic instead of blocking it. The question asks for a solution to stop the SMTP attack, so we need to drop the SMTP traffic.

upvoted 0 times

Luis

3 days ago

A) iptables -A INPUT -p tcp --dport 25 -d x.x.x.x -j ACCEPT

upvoted 0 times

...

2 months ago

I think the correct commands to stop the attack are C and E.

upvoted 0 times

...