Certified Ethical Hacker (CEH v10) — Question 189
To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using HTTPS. Which of the following firewall rules meets this requirement?
Answer options
- A. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit
- B. If (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit
- C. If (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit
- D. If (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit
Correct answer: A
Explanation
Option A is correct because it permits traffic from the specified source network (10.10.10.0/24) to the bank's web site (10.20.20.1) only on port 443, which is used for HTTPS. Option B is incorrect because it also permits HTTP traffic on port 80, which is not secure and falls outside the HTTPS-only requirement. Option C is incorrect because it reverses the source and destination. Option D is incorrect because the source 10.10.10.0 is written without its subnet mask, so the rule does not specify the 10.10.10.0/24 workstation network.