An analyst inspects a list controlling inbound traffic to a web server. Certain subnets cannot connect, even though they are intended to have access. Logs indicate a deny action for these subnets. The firewall and router settings have no visible errors. Which method best restores the expected connectivity?
Lower the range of transient ports used by the web server
Add a passive inspection line for tracking inbound requests
Delete existing rules and trust system defaults instead
Put the permit rule for those subnets ahead of the general deny line
Access control lists (ACLs) are processed top-down, and once a match is found, subsequent rules are ignored. If a general deny rule precedes a specific permit, intended access will be blocked. Placing permit rules for specific subnets before the deny-all rule ensures proper functionality and expected access without removing security controls.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why are ACLs processed in a top-down order?
Open an interactive chat with Bash
What is the purpose of a 'deny-all' rule in an ACL?