A systems administrator is hardening a newly deployed database server that hosts a critical application database. The server should only accept Microsoft SQL Server connections from the company's application servers, which are located on the 10.10.20.0/24 subnet. The administrator needs to configure the server's host-based firewall to enforce this policy while adhering to the principle of least privilege.
Which of the following firewall rules BEST accomplishes this?
The correct rule allows TCP traffic on port 1433 specifically from the 10.10.20.0/24 source subnet. This adheres to the principle of least privilege by being as specific as possible. Microsoft SQL Server uses TCP port 1433 for database connections by default. Allowing traffic from 'Any' source IP would violate the principle of least privilege by unnecessarily exposing the database port to all networks. Denying traffic from the specified subnet would block the legitimate application servers. Using UDP port 1434 would be incorrect as that port is for the SQL Browser service, not for the database connection itself, which uses TCP.