Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CertNexus CFR-410 Exam - Topic 9 Question 43 Discussion

A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)
B) iptables -A INPUT -p tcp --sport 25 -d x.x.x.x -j ACCEPT and E) iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
A) iptables -A INPUT -p tcp --dport 25 -d x.x.x.x -j ACCEPT
C) iptables -A INPUT -p tcp --dport 25 -j DROP
D) iptables -A INPUT -p tcp --destination-port 21 -j DROP

CertNexus CFR-410 Exam - Topic 9 Question 43 Discussion

Actual exam question for CertNexus's CFR-410 exam
Question #: 43
Topic #: 9
[All CFR-410 Questions]

A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)

Show Suggested Answer Hide Answer
Suggested Answer: B, E

by Ellen at Sep 10, 2024, 05:46 PM

Limited Time Offer

25%

Off

Get Premium CFR-410 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Katheryn
6 months ago
Not sure if just dropping traffic is enough, what about logging?
upvoted 0 times
...
Alyssa
7 months ago
Totally agree with C, it’s a solid move!
upvoted 0 times
...
Phyliss
7 months ago
Wait, why would you use D? That targets FTP, not SMTP!
upvoted 0 times
...
Michel
7 months ago
I think A is also a valid option, but not for stopping the attack.
upvoted 0 times
...
Estrella
7 months ago
C is definitely the right choice to block that traffic.
upvoted 0 times
...
Ceola
7 months ago
I thought option A might be correct too, but it seems like it allows traffic instead of blocking it.
upvoted 0 times
...
Melda
8 months ago
I practiced a similar question where we had to drop unwanted traffic, and I feel like option C makes the most sense for that.
upvoted 0 times
...
Loreta
8 months ago
I'm not entirely sure about the specifics, but I remember something about using the correct port for SMTP, which is 25.
upvoted 0 times
...
Reuben
8 months ago
I think we need to block the incoming SMTP traffic, so maybe option C is the right choice?
upvoted 0 times
...
Mozell
8 months ago
This is a good one. I remember learning about using iptables to filter traffic by port and destination. I think options A and C are the right commands to stop the SMTP attack while still allowing legitimate email server traffic.
upvoted 0 times
...
Haley
8 months ago
I'm a little confused by the wording of this question. Is it asking to block all SMTP traffic, or just the traffic to the internal clients? I'll need to think through the intent carefully before selecting the right commands.
upvoted 0 times
...
Gail
8 months ago
Hmm, I'm a bit unsure about this one. I know iptables is used for firewall rules, but I'm not totally clear on the specific syntax for blocking SMTP traffic. I'll have to review my notes and try to reason through the options.
upvoted 0 times
...
Gilma
8 months ago
This looks like a straightforward iptables question. I'll need to carefully read through the options and think about how to block the SMTP traffic while allowing legitimate email server traffic.
upvoted 0 times
...
Allene
8 months ago
Okay, I've got this. The key is to block the SMTP traffic on port 25 while allowing access to the email servers. I think options C and D are the way to go here.
upvoted 0 times
...
Peggie
8 months ago
Wait, where exactly do I find the "File" tab and "Advanced Properties" option? I want to make sure I do this right.
upvoted 0 times
...
Yoko
1 year ago
You know, if this was a real-life SMTP attack, the best solution would be to just unplug the whole network. That'll stop the traffic for sure! But I guess that's not very practical.
upvoted 0 times
...
Katina
1 year ago
I agree with Vincenza. Options C and D are the correct choices here. Blocking the SMTP port 25 is the way to go to stop this attack.
upvoted 0 times
Eun
11 months ago
Great, so options C and D are the way to go to prevent the flood of SMTP traffic.
upvoted 0 times
...
Arlette
12 months ago
Definitely, option D is also a good choice to block the attack.
upvoted 0 times
...
Pa
12 months ago
I agree, blocking the SMTP port 25 is the best way to stop the attack.
upvoted 0 times
...
In
1 year ago
I think option C is the correct choice.
upvoted 0 times
...
...
Queenie
1 year ago
Ha! Option E is clearly not the right answer. Blocking incoming traffic on port range 6881-6889 has nothing to do with stopping an SMTP attack. Someone's trying to be funny with that one.
upvoted 0 times
...
Natalya
1 year ago
I think Options A and B are incorrect because they are accepting SMTP traffic instead of blocking it. The question asks for a solution to stop the SMTP attack, so we need to drop the SMTP traffic.
upvoted 0 times
Avery
1 year ago
You're right, we need to drop the SMTP traffic to stop the attack.
upvoted 0 times
...
Brent
1 year ago
C) iptables -A INPUT -p tcp --dport 25 -j DROP
upvoted 0 times
...
Luis
1 year ago
A) iptables -A INPUT -p tcp --dport 25 -d x.x.x.x -j ACCEPT
upvoted 0 times
...
...
Vincenza
1 year ago
The correct answers are C and D. Option C blocks all incoming SMTP traffic, while Option D blocks all incoming FTP traffic. Blocking FTP is not relevant here, so Option D is not the right choice.
upvoted 0 times
Roslyn
1 year ago
C) iptables -A INPUT -p tcp --dport 25 -j DROP
upvoted 0 times
...
Roslyn
1 year ago
A) iptables -A INPUT -p tcp --dport 25 -d x.x.x.x -j ACCEPT
upvoted 0 times
...
...
Harris
1 year ago
I'm not sure about command E. I think it's better to focus on blocking SMTP traffic specifically, so I would go with commands A and C.
upvoted 0 times
...
Dominga
1 year ago
I agree with you, Artie. Command C will drop SMTP traffic and command E will drop traffic on ports commonly used for file sharing.
upvoted 0 times
...
Artie
1 year ago
I think the correct commands to stop the attack are C and E.
upvoted 0 times
...

Save Cancel