Question 15 - CompTIA Network+ N10-009 Real Exam Questions [Jan 2026 Update]

Q: 15

SIMULATION You have been tasked with implementing an ACL on the router that will: 1. Permit the most commonly used secure remote access technologies from the management network to all other local network segments 2. Ensure the user subnet cannot use the most commonly used remote access technologies in the Linux and Windows Server segments. 3. Prohibit any traffic that has not been specifically allowed. INSTRUCTIONS Use the drop-downs to complete the ACL If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Your Answer

Correct Answer:

THE ACCESS CONTROL LIST (ACL) SHOULD BE CONFIGURED WITH THE FOLLOWING RULES IN ORDER:

Explanation

This ACL configuration directly implements the specified security policy.

Permit Management Access: The first two rules allow secure remote access from the management network (192.168.255.0/24) to all other subnets. This is achieved by permitting SSH (TCP port 22) and RDP (TCP port 3389), which are the standard secure protocols for managing Linux and Windows systems, respectively.
Deny Workstation Access: Rules 3 through 6 explicitly deny workstation users (192.168.1.0/24) from using SSH or RDP to access the server segments (192.168.25.0/24 and 192.168.26.0/24), enforcing the separation of duties.
Default Deny: The final rule, DENY IP ANY ANY, is a crucial implementation of the principle of least privilege. It ensures that any traffic not explicitly permitted by the preceding rules is dropped, fulfilling the requirement to prohibit all other traffic.

References

Kurose, J. F., & Ross, K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson.

In Chapter 5.6.3 on "Firewalls and Attack Prevention," the authors discuss packet-filtering firewalls (ACLs). They explain that rules are applied in a sequential manner and often conclude with a default "deny-all" policy to block any traffic not explicitly allowed. This supports the structure and final rule of the provided answer.

Cisco Systems, Inc. (2023). IP Access List Configuration Guide, Cisco IOS XE Bengaluru 17.6.x.

In the "How to Configure IP Access Lists" section, the documentation details the syntax access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard. It also notes the implicit "deny any" statement at the end of every access list, which the simulation requires to be made explicit to fulfill the prompt's instructions. This source validates the protocol, source/destination, and action syntax used.

Scarfone, K., & Hoffman, P. (2009). Guidelines on Firewalls and Firewall Policy (NIST Special Publication 800-41 Revision 1). National Institute of Standards and Technology.

Section 4.3, "Firewall Rule Sets," emphasizes that rule sets should be based on a policy of "deny all traffic by default and grant exceptions for only the traffic that is specifically needed." This directly supports the implementation of the explicit DENY IP ANY ANY rule as a best practice for security policy enforcement. DOI: https://doi.org/10.6028/NIST.SP.800-41r1

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE