CompTIA Security+ (SY0-701) — Question 78

While troubleshooting a firewall configuration, a technician determines that a “deny any” policy should be added to the bottom of the ACL. The technician updates the policy, but the new policy causes several company servers to become unreachable.
Which of the following actions would prevent this issue?

Answer options

• A. Documenting the new policy in a change request and submitting the request to change management
• B. Testing the policy in a non-production environment before enabling the policy in the production network
• C. Disabling any intrusion prevention signatures on the “deny any” policy prior to enabling the new policy
• D. Including an “allow any” policy above the “deny any” policy

Correct answer: B

Explanation

The correct answer is B because testing a policy in a non-production environment allows for the identification of potential issues before impacting the live network. Options A, C, and D do not directly address the need for validation of the policy's effects in a safe environment, which is crucial to prevent disruptions.