CompTIA CASP+ (CAS-002) — Question 6
A security administrator was doing a packet capture and noticed a system communicating with an unauthorized address within the 2001::/32 prefix. The network administrator confirms there is no IPv6 routing into or out of the network. Which of the following is the BEST course of action?
Answer options
- A. Investigate the network traffic and block UDP port 3544 at the firewall
- B. Remove the system from the network and disable IPv6 at the router
- C. Locate and remove the unauthorized 6to4 relay from the network
- D. Disable the switch port and block the 2001::/32 traffic at the firewall
Correct answer: A
Explanation
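The best action is to investigate the network traffic and block UDP port 3544 at the firewall. The 2001::/32 prefix is the one assigned to Teredo, a tunneling protocol that encapsulates IPv6 packets inside IPv4 UDP datagrams and uses port 3544. This explains how the system can communicate with an IPv6 address even though there is no IPv6 routing into or out of the network: the traffic is leaving over IPv4. Removing the system and disabling IPv6 at the router may not be necessary if the traffic can be controlled. Locating and removing a 6to4 relay or disabling the switch port might not address the root cause of the problem, since 6to4 uses the 2002::/16 prefix rather than 2001::/32.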