CompTIA Security+ Simulations – Performance Based Questions (PBQs)

You're the superhero of servers, the sultan of switches, and now it's time to don your firewall cape! As the network's fearless system administrator, your mission—should you choose to accept it (spoiler: you don’t have a choice)—is to configure a shiny new firewall. Your manager has handed over a scroll of sacred parameters (okay, it's probably just an email), and it's up to you to set up the ultimate rulebook to protect your organization's digital kingdom. Ready?

1. Permit SSH access exclusively from devices within the internal network range (192.168.1.5/24) to the database server at 10.0.0.52.

2. Permit inbound HTTP and HTTPS traffic from any external IP address to the web server located at 10.0.0.51.

3. Allow DNS query traffic from any device on the internal network to the DNS server at 10.0.0.53.

4. Permit SMTPS traffic originating from the internal network to the mail server at 10.0.0.54.

5. Block all other traffic by default unless explicitly allowed.

Following Instruction 2, what is the correct option for Source IP?

You're the superhero of servers, the sultan of switches, and now it's time to don your firewall cape! As the network's fearless system administrator, your mission—should you choose to accept it (spoiler: you don’t have a choice)—is to configure a shiny new firewall. Your manager has handed over a scroll of sacred parameters (okay, it's probably just an email), and it's up to you to set up the ultimate rulebook to protect your organization's digital kingdom. Ready?

1. Permit SSH access exclusively from devices within the internal network range (192.168.1.5/24) to the database server at 10.0.0.52.

2. Permit inbound HTTP and HTTPS traffic from any external IP address to the web server located at 10.0.0.51.

3. Allow DNS query traffic from any device on the internal network to the DNS server at 10.0.0.53.

4. Permit SMTPS traffic originating from the internal network to the mail server at 10.0.0.54.

5. Block all other traffic by default unless explicitly allowed.

Following Instruction Number 1, what is the correct port to select?

You're the superhero of servers, the sultan of switches, and now it's time to don your firewall cape! As the network's fearless system administrator, your mission—should you choose to accept it (spoiler: you don’t have a choice)—is to configure a shiny new firewall. Your manager has handed over a scroll of sacred parameters (okay, it's probably just an email), and it's up to you to set up the ultimate rulebook to protect your organization's digital kingdom. Ready?

1. Permit SSH access exclusively from devices within the internal network range (192.168.1.5/24) to the database server at 10.0.0.52.

2. Permit inbound HTTP and HTTPS traffic from any external IP address to the web server located at 10.0.0.51.

3. Allow DNS query traffic from any device on the internal network to the DNS server at 10.0.0.53.

4. Permit SMTPS traffic originating from the internal network to the mail server at 10.0.0.54.

5. Block all other traffic by default unless explicitly allowed.

Following Instruction Number 2, what is the correct action?

You're the superhero of servers, the sultan of switches, and now it's time to don your firewall cape! As the network's fearless system administrator, your mission—should you choose to accept it (spoiler: you don’t have a choice)—is to configure a shiny new firewall. Your manager has handed over a scroll of sacred parameters (okay, it's probably just an email), and it's up to you to set up the ultimate rulebook to protect your organization's digital kingdom. Ready?

1. Permit SSH access exclusively from devices within the internal network range (192.168.1.5/24) to the database server at 10.0.0.52.

2. Permit inbound HTTP and HTTPS traffic from any external IP address to the web server located at 10.0.0.51.

3. Allow DNS query traffic from any device on the internal network to the DNS server at 10.0.0.53.

4. Permit SMTPS traffic originating from the internal network to the mail server at 10.0.0.54.

5. Block all other traffic by default unless explicitly allowed.

Following Instruction Number 2, what is the correct destination IP address for Rule No. 1?

You're the superhero of servers, the sultan of switches, and now it's time to don your firewall cape! As the network's fearless system administrator, your mission—should you choose to accept it (spoiler: you don’t have a choice)—is to configure a shiny new firewall. Your manager has handed over a scroll of sacred parameters (okay, it's probably just an email), and it's up to you to set up the ultimate rulebook to protect your organization's digital kingdom. Ready?

1. Permit SSH access exclusively from devices within the internal network range (192.168.1.5/24) to the database server at 10.0.0.52.

2. Permit inbound HTTP and HTTPS traffic from any external IP address to the web server located at 10.0.0.51.

3. Allow DNS query traffic from any device on the internal network to the DNS server at 10.0.0.53.

4. Permit SMTPS traffic originating from the internal network to the mail server at 10.0.0.54.

5. Block all other traffic by default unless explicitly allowed.

What should you set as the action for Rule 4?

You're the superhero of servers, the sultan of switches, and now it's time to don your firewall cape! As the network's fearless system administrator, your mission—should you choose to accept it (spoiler: you don’t have a choice)—is to configure a shiny new firewall. Your manager has handed over a scroll of sacred parameters (okay, it's probably just an email), and it's up to you to set up the ultimate rulebook to protect your organization's digital kingdom. Ready?

1. Permit SSH access exclusively from devices within the internal network range (192.168.1.5/24) to the database server at 10.0.0.52.

2. Permit inbound HTTP and HTTPS traffic from any external IP address to the web server located at 10.0.0.51.

3. Allow DNS query traffic from any device on the internal network to the DNS server at 10.0.0.53.

4. Permit SMTPS traffic originating from the internal network to the mail server at 10.0.0.54.

5. Block all other traffic by default unless explicitly allowed.

What should you set as the port for Rule No. 5

You're the superhero of servers, the sultan of switches, and now it's time to don your firewall cape! As the network's fearless system administrator, your mission—should you choose to accept it (spoiler: you don’t have a choice)—is to configure a shiny new firewall. Your manager has handed over a scroll of sacred parameters (okay, it's probably just an email), and it's up to you to set up the ultimate rulebook to protect your organization's digital kingdom. Ready?

1. Permit SSH access exclusively from devices within the internal network range (192.168.1.5/24) to the database server at 10.0.0.52.

2. Permit inbound HTTP and HTTPS traffic from any external IP address to the web server located at 10.0.0.51.

3. Allow DNS query traffic from any device on the internal network to the DNS server at 10.0.0.53.

4. Permit SMTPS traffic originating from the internal network to the mail server at 10.0.0.54.

5. Block all other traffic by default unless explicitly allowed.

What should you set as the destination IP for Rule 6?

You're the superhero of servers, the sultan of switches, and now it's time to don your firewall cape! As the network's fearless system administrator, your mission—should you choose to accept it (spoiler: you don’t have a choice)—is to configure a shiny new firewall. Your manager has handed over a scroll of sacred parameters (okay, it's probably just an email), and it's up to you to set up the ultimate rulebook to protect your organization's digital kingdom. Ready?

1. Permit SSH access exclusively from devices within the internal network range (192.168.1.5/24) to the database server at 10.0.0.52.

2. Permit inbound HTTP and HTTPS traffic from any external IP address to the web server located at 10.0.0.51.

3. Allow DNS query traffic from any device on the internal network to the DNS server at 10.0.0.53.

4. Permit SMTPS traffic originating from the internal network to the mail server at 10.0.0.54.

5. Block all other traffic by default unless explicitly allowed.

What should you set as the port for Rule 6?

You're the superhero of servers, the sultan of switches, and now it's time to don your firewall cape! As the network's fearless system administrator, your mission—should you choose to accept it (spoiler: you don’t have a choice)—is to configure a shiny new firewall. Your manager has handed over a scroll of sacred parameters (okay, it's probably just an email), and it's up to you to set up the ultimate rulebook to protect your organization's digital kingdom. Ready?

1. Permit SSH access exclusively from devices within the internal network range (192.168.1.5/24) to the database server at 10.0.0.52.

2. Permit inbound HTTP and HTTPS traffic from any external IP address to the web server located at 10.0.0.51.

3. Allow DNS query traffic from any device on the internal network to the DNS server at 10.0.0.53.

4. Permit SMTPS traffic originating from the internal network to the mail server at 10.0.0.54.

5. Block all other traffic by default unless explicitly allowed.

What should you set as the Source IP for Instruction 3 and Rule 4?