Which ACL rule is generally more secure?

Prepare for the Network Security Examination by mastering key concepts in cybersecurity. Utilize interactive questions and detailed explanations to enhance your knowledge. Excel in your exam with our comprehensive preparation resources!

Multiple Choice

Which ACL rule is generally more secure?

Explanation:
Limiting what is reachable through an ACL is about reducing the attack surface by giving the smallest amount of access required. Permitting access to a single internal webserver achieves that: it concentrates exposure to just one host, making it easier to enforce strict controls (such as allowing only specific protocols, ports, and trusted IPs) and to monitor and defend that server. If an attacker manages to compromise a system, the impact is contained to that one server rather than all internal webservers, and you can apply tighter security measures around it.

Allowing access to all internal webservers broadens the potential targets and complicates containment and monitoring. Denying all external access sounds very secure in theory, but it can render legitimate services unusable and is not practical for typical operations. Not applying any ACLs removes protection altogether, increasing risk.

So, permitting access to a single internal webserver best balances security with functionality and aligns with restricting access to what’s truly necessary.
