CompTIA Security+ (SY0-601) — Question 218

A security administrator needs to block a TCP connection using the corporate firewall. Because this connection is potentially a threat, the administrator does not want to send back an RST. Which of the following actions in the firewall rule would work BEST?

Answer options

• A. Drop
• B. Reject
• C. Log alert
• D. Permit

Correct answer: A

Explanation

The correct answer is 'Drop' because this action will silently discard the packets without sending any response, thereby not alerting the sender. In contrast, 'Reject' would send an RST, while 'Log alert' and 'Permit' do not effectively block the connection.