
CompTIA SY0-701 Exam - Topic 1 Question 46 Discussion

Actual exam question for CompTIA's SY0-701 exam
Question #: 46
Topic #: 1

During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?

Suggested Answer: B

A firewall rule is a set of criteria that determines whether to allow or deny a packet to pass through the firewall. A firewall rule consists of several elements, such as the action, the protocol, the source address, the destination address, and the port number. The syntax of a firewall rule may vary depending on the type and vendor of the firewall, but the basic logic is the same. In this question, the security analyst is creating an inbound firewall rule to block the IP address 10.1.4.9 from accessing the organization's network. This means that the action should be deny, the protocol should be any (or ig for IP), the source address should be 10.1.4.9/32 (which means a single IP address), the destination address should be 0.0.0.0/0 (which means any IP address), and the port number should be any. Therefore, the correct firewall rule is:

access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0

This rule will match any packet that has the source IP address of 10.1.4.9 and drop it. The other options are incorrect because they either have the wrong action, the wrong source address, or the wrong destination address. For example, option A has the source and destination addresses reversed, so it will block any packet that has the destination IP address of 10.1.4.9, which is not the intended goal. Option C has the wrong action, permit, so it will allow the packet to pass through the firewall, which is also not the intended goal. Option D has the same problem as option A, with the source and destination addresses reversed.
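
The source/destination logic above can be checked with a small rule evaluator. This is an added example, not part of the original explanation or any vendor's implementation: the REVERSED and PERMIT rule strings are constructed from the explanation's description, the internal and unrelated host addresses are constructed, and first-match evaluation is an assumption.

```python
import ipaddress
import re

# Rule syntax as written on this page:
#   access-list inbound <deny|permit> <proto> source <cidr> destination <cidr>
# The protocol token is accepted as written and treated as "any protocol".
RULE_RE = re.compile(
    r"^access-list\s+\S+\s+(?P<action>deny|permit)\s+\S+"
    r"\s+source\s+(?P<src>\S+)\s+destination\s+(?P<dst>\S+)$"
)

def parse_rule(line):
    """Parse one rule line into its action and source/destination networks."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognized rule: {line!r}")
    return {
        "action": m["action"],
        "src": ipaddress.ip_network(m["src"], strict=True),
        "dst": ipaddress.ip_network(m["dst"], strict=True),
    }

def evaluate(rules, src_ip, dst_ip):
    """Return the action of the first rule matching the packet, or None.

    First-match evaluation is an assumption of this example.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if src in rule["src"] and dst in rule["dst"]:
            return rule["action"]
    return None

# The rule from the explanation, plus two constructed variants it describes.
CORRECT = "access-list inbound deny ig source 10.1.4.9/32 destination 0.0.0.0/0"
REVERSED = "access-list inbound deny ig source 0.0.0.0/0 destination 10.1.4.9/32"
PERMIT = "access-list inbound permit ig source 10.1.4.9/32 destination 0.0.0.0/0"

INTERNAL_HOST = "192.0.2.10"    # constructed: a host inside the organization
UNRELATED_HOST = "198.51.100.7"  # constructed: some other external host

def verdicts(rule_line):
    """Evaluate three sample packets against a single rule."""
    rules = [parse_rule(rule_line)]
    return {
        "from_malicious": evaluate(rules, "10.1.4.9", INTERNAL_HOST),
        "to_malicious": evaluate(rules, INTERNAL_HOST, "10.1.4.9"),
        "unrelated": evaluate(rules, UNRELATED_HOST, INTERNAL_HOST),
    }
```

A verdict of None means the rule did not match that packet, so the rule has no effect on it; only the rule with 10.1.4.9/32 as the source and the deny action stops traffic arriving from the malicious address.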



Contribute your Thoughts:

Frederica
2 months ago
A is clear. We need to protect the network from threats.
upvoted 0 times
...
Sharita
2 months ago
D is definitely incorrect. It permits access to the bad IP.
upvoted 0 times
...
Noble
2 months ago
Option B seems wrong. It allows traffic from the malicious IP.
upvoted 0 times
...
Frankie
2 months ago
Surprised this is even a question, it's pretty straightforward!
upvoted 0 times
...
Eve
2 months ago
Wait, why would we block the source instead of the destination?
upvoted 0 times
...
Lindsey
2 months ago
Definitely going with B, it makes the most sense.
upvoted 0 times
...
Mayra
3 months ago
Option B is the correct choice to block that IP.
upvoted 0 times
...
Dick
3 months ago
B is the way to do it. Firewall rules are like a bouncer at the door - "No malicious IPs allowed!"
upvoted 0 times
...
Lynelle
3 months ago
B, easy peasy. Shut that IP down before it causes any trouble!
upvoted 0 times
...
Kristin
4 months ago
B is the obvious choice. Ain't no one got time for malicious traffic!
upvoted 0 times
...
Chanel
4 months ago
B is the way to go. Gotta keep those hackers out!
upvoted 0 times
...
Jerlene
4 months ago
Definitely B. Blocking the bad IP from reaching the network is the way to go.
upvoted 0 times
...
Dick
4 months ago
B) is the correct answer. Blocking the malicious IP address from accessing the network.
upvoted 0 times
...
Blondell
4 months ago
I feel like option A is the right choice because it denies traffic coming from any source to that specific IP, but I might be mixing up the details.
upvoted 0 times
...
Francesco
4 months ago
I’m a bit confused about the syntax. I thought the access-list command needed to specify the direction clearly, but I can't recall the exact format.
upvoted 0 times
...
Tashia
5 months ago
I remember practicing similar questions, and I believe we want to deny the source IP, so I think option B makes sense.
upvoted 0 times
...
Elina
5 months ago
I'm pretty confident that B is the right answer. Denying the malicious IP address from accessing the entire network seems like the appropriate action to take in this security incident.
upvoted 0 times
...
Adelle
5 months ago
Okay, let me walk through this step-by-step. We want to block traffic from the malicious IP 10.1.4.9, so the rule needs to deny that source IP. Option B looks like the best choice to me.
upvoted 0 times
...
Marci
5 months ago
I think the rule should deny traffic from the malicious IP, but I'm not sure if it's the source or destination that needs to be blocked.
upvoted 0 times
...
Jacqueline
5 months ago
Agreed, A makes sense. Deny traffic from that IP.
upvoted 0 times
...
Mignon
5 months ago
I think option A is the right choice. It blocks the malicious IP.
upvoted 0 times
...
Rodrigo
6 months ago
I think A is right, but I could be wrong.
upvoted 0 times
...
Tu
6 months ago
I feel confused about C. Why permit the malicious IP?
upvoted 0 times
...
Mi
6 months ago
Hmm, I'm a bit confused. Shouldn't we be using "deny" instead of "permit" in the rule? I'm not sure which one is the right choice here.
upvoted 0 times
...
Cristy
6 months ago
I think option B is the correct answer, since it denies traffic from the malicious IP address 10.1.4.9 to the entire network (0.0.0.0/0).
upvoted 0 times
Devora
21 days ago
B is definitely the best choice here. We need to protect the network!
upvoted 0 times
...
Haley
26 days ago
Option A only blocks incoming traffic to that IP, not from it.
upvoted 0 times
...
Jacob
1 month ago
I’m not so sure. What about option A?
upvoted 0 times
...
Hyun
1 month ago
Yeah, denying traffic from that IP is crucial.
upvoted 0 times
...
Arminda
1 month ago
I agree, option B seems right. It blocks the malicious IP effectively.
upvoted 0 times
...