CompTIA Security+ (SY0-601) — Question 365
During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization's network. Which of the following fulfills this request?
Answer options
- A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32
- B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
- C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0
- D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32
Correct answer: B
Explanation
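The correct answer is B because its rule denies all IP traffic whose source is 10.1.4.9/32 (a single-host match) to any destination (0.0.0.0/0), which blocks incoming traffic from the malicious IP address. Options A and D put 10.1.4.9/32 in the destination field, so they match traffic going to that address rather than traffic coming from it, and D is a permit rule as well. Option C matches the correct source but permits traffic from the malicious IP, which is contrary to the goal of blocking it.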