Certified Ethical Hacker (CEH v11) — Question 142
To reach a bank web site, the traffic from workstations must pass through a firewall. You have been asked to review the firewall configuration to ensure that workstations in network 10.10.10.0/24 can only reach the bank web site 10.20.20.1 using HTTPS. Which of the following firewall rules meets this requirement?
Answer options
- A. if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 443) then permit
- B. if (source matches 10.10.10.0/24 and destination matches 10.20.20.1 and port matches 80 or 443) then permit
- C. if (source matches 10.20.20.1 and destination matches 10.10.10.0/24 and port matches 443) then permit
- D. if (source matches 10.10.10.0 and destination matches 10.20.20.1 and port matches 443) then permit
Correct answer: A
Explanation
Option A is correct because it permits traffic from the source network 10.10.10.0/24 to the bank web site 10.20.20.1 only over HTTPS (port 443). Option B also allows HTTP traffic (port 80), which does not meet the requirement for exclusive HTTPS access. Option C reverses the source and destination. Option D lacks the proper subnet mask for the source address, making it invalid.