SNCF — Securing Networks with Firepower — Question 259

A security engineer must add a new policy to block UDP traffic to one server. The engineer adds a new object. Which action must the engineer take next to identify all the UDP ports?

Answer options

• A. Specify the transport protocol and leave the port number empty.
• B. Define the transport protocol and the mandatory port range.
• C. Add the transport number and specify the type and code.
• D. Add the corresponding IP protocol number for UDP and TCP.

Correct answer: A

Explanation

The correct answer is A because specifying the transport protocol while leaving the port number empty will allow the engineer to capture all UDP ports. Option B is incorrect because defining a port range limits the identification to specific ports only. Option C is not applicable as it refers to different parameters unrelated to identifying UDP ports. Option D is also incorrect since it involves UDP and TCP protocol numbers instead of focusing solely on UDP.