CertNexus Certified Cyber Secure Coder (CSC) — Question 82
A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)
Answer options
- A. iptables -A INPUT -p tcp --dport 25 -d x.x.x.x -j ACCEPT
- B. iptables -A INPUT -p tcp --sport 25 -d x.x.x.x -j ACCEPT
- C. iptables -A INPUT -p tcp --dport 25 -j DROP
- D. iptables -A INPUT -p tcp --destination-port 21 -j DROP
- E. iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
Correct answer: A, C
Explanation
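Commands A and C together restrict SMTP traffic to the mail servers. Command A accepts TCP traffic to destination port 25 when it is addressed to a designated email server (x.x.x.x), while command C drops all other traffic to destination port 25, which stops the flood reaching internal clients. Because -A appends to the end of the chain and rules are evaluated in order, A must be added before C so that mail-server traffic is accepted before the general DROP is reached. Of the other options, B matches on source port 25 rather than destination port 25, and D and E target different ports (21 and 6881-6889), so they are unsuitable for this situation.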