CompTIA Security+ (SY0-401) — Question 25

Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following
ACL?
PERMIT TCP ANY HOST 192.168.0.10 EQ 80
PERMIT TCP ANY HOST 192.168.0.10 EQ 443

Answer options

• A. It implements stateful packet filtering.
• B. It implements bottom-up processing.
• C. It failed closed.
• D. It implements an implicit deny.

Correct answer: D

Explanation

The correct answer is D because an implicit deny is a fundamental principle in ACLs, meaning any traffic not explicitly permitted is automatically denied. Options A and B do not accurately describe the behavior of the firewall, and option C is misleading as it suggests a different operational mode that is not relevant in this context.