CompTIA Network+ (N10-006) — Question 15

A network technician needs to protect IP based servers in the network DMZ from being discovered by an intruder utilizing a ping sweep.
Which of the following should the technician do to protect the network from ping sweeps?

Answer options

• A. Block echo replies inbound to the DMZ
• B. Disable UDP on the servers
• C. Block ICMP at the firewall
• D. Disable TCP/IP on the server

Correct answer: C

Explanation

Blocking ICMP at the firewall will prevent ICMP echo requests, which are used in ping sweeps, from reaching the servers in the DMZ. This effectively hides the servers from potential intruders. The other options do not directly address the issue of ping sweeps; for example, disabling TCP/IP would render the servers non-functional and disabling UDP does not impact ICMP traffic.