CompTIA Network+ (N10-007) — Question 161

A UTM is deployed on the external edge of the main corporate office. The office connects to the WAN port of the edge router. The edge router at the main office connects to the remote offices using GRE IPSec tunnels. A network administrator notices that a worm that was not detected by the UTM has spread from the remote sites into the corporate network. The UTM currently has traffic rules applied that should block the port used by the worm. Which of the following steps would MOST likely correct this issue?

Answer options

• A. Move the UTM onto the LAN side of the network
• B. Enable TLS inspection on the UTM
• C. Enable stateful inspection on the UTM
• D. Configure the UTM to deny encrypted files from being transferred

Correct answer: C

Explanation

Enabling stateful inspection on the UTM allows it to track the state of active connections and make decisions based on the context of the traffic, which is essential for identifying and blocking the worm. The other options may help in certain scenarios, but they do not address the fundamental issue of monitoring and controlling the state of the traffic effectively.