CompTIA Security+ (SY0-601) — Question 843

While troubleshooting a firewall configuration, a technician determines that a "deny any" policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable. Which of the following actions would prevent this issue?

Answer options

• A. Documenting the new policy in a change request and submitting the request to change management
• B. Testing the policy in a non-production environment before enabling the policy in the production network
• C. Disabling any intrusion prevention signatures on the "deny any" policy prior to enabling the new policy
• D. Including an “allow any" policy above the "deny any" policy

Correct answer: A

Explanation

The correct answer is A because documenting and submitting the new policy for approval helps ensure that changes are reviewed and potential issues are identified before implementation. Options B, C, and D do not address the need for proper change management, which is crucial in preventing disruptions in a production environment.