CompTIA Security+ (SY0-501) — Question 1033

A network administrator needs to allocate a new network for the R&D group. The network must not be accessible from the Internet regardless of the network firewall or other external misconfigurations. Which of the following settings should the network administrator implement to accomplish this?

Answer options

• A. Configure the OS default TTL to 1
• B. Use NAT on the R&D network
• C. Implement a router ACL
• D. Enable protected ports on the switch

Correct answer: A

Explanation

Setting the OS default TTL to 1 ensures that packets from the R&D network will not be routed beyond the local network, making it unreachable from the Internet. Using NAT, configuring a router ACL, or enabling protected ports on the switch may not completely prevent external access, especially if there are misconfigurations in other areas.