CompTIA Network+ (N10-008) — Question 659
A firewall administrator observes log entries of traffic being allowed to a web server on port 80 and port 443. The policy for this server is to only allow traffic on port 443. The firewall administrator needs to investigate how this change occurred to prevent a reoccurrence. Which of the following should the firewall administrator do next?
Answer options
- A. Consult the firewall audit logs.
- B. Change the policy to allow port 80.
- C. Remove the server object from the firewall policy.
- D. Check the network baseline.
Correct answer: A
Explanation
The correct answer is A: the firewall audit logs record changes made to the firewall configuration, so reviewing them shows how traffic to port 80 came to be allowed and identifies the cause of the policy violation. Options B and C are not appropriate responses because neither addresses the root cause: B alters the policy to match the violation, and C removes the server object instead of investigating the change. Option D, while useful, does not directly explain why the policy was not enforced as intended.