CompTIA Security+ (SY0-701) — Question 17
During a security incident, the security operations team identified sustained network traffic from a malicious IP address: 10.1.4.9. A security analyst is creating an inbound firewall rule to block the IP address from accessing the organization’s network. Which of the following fulfills this request?
Answer options
- A. access-list inbound deny ip source 0.0.0.0/0 destination 10.1.4.9/32
- B. access-list inbound deny ip source 10.1.4.9/32 destination 0.0.0.0/0
- C. access-list inbound permit ip source 10.1.4.9/32 destination 0.0.0.0/0
- D. access-list inbound permit ip source 0.0.0.0/0 destination 10.1.4.9/32
Correct answer: B
Explanation
The correct answer, B, denies IP traffic whose source is the malicious address 10.1.4.9/32 (a single host) to any destination (0.0.0.0/0), which blocks that address from accessing the network. Option A reverses source and destination: it denies traffic from all sources to 10.1.4.9 rather than traffic coming from it. Options C and D use permit, so they allow traffic rather than blocking it, making them ineffective for this scenario.