Which command implements a basic firewall rule to drop traffic from a specific source address 203.0.113.0/24?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the MTCNA Foundation Exam. Prepare with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your certification!

Multiple Choice

Which command implements a basic firewall rule to drop traffic from a specific source address 203.0.113.0/24?

Explanation:
Blocking traffic from a specific source address is done by creating a firewall rule that matches that source and drops it, applied on the correct chain. Here, you want to block traffic headed to the router itself, so you place the rule in the input chain and specify the source as 203.0.113.0/24 with the action set to drop. The command /ip firewall filter add chain=input src-address=203.0.113.0/24 action=drop implements exactly that: any packets coming from hosts in that /24 range are discarded before they reach services on the router. The input chain handles traffic destined for the device, which is why this rule blocks those sources at the entry point. Using the forward chain would drop traffic passing through the router between interfaces, not traffic aimed at the router itself. Setting the action to accept would allow the traffic rather than block it, and specifying a different subnet like 203.0.0.0/24 wouldn’t target the requested range.

Blocking traffic from a specific source address is done by creating a firewall rule that matches that source and drops it, applied on the correct chain. Here, you want to block traffic headed to the router itself, so you place the rule in the input chain and specify the source as 203.0.113.0/24 with the action set to drop. The command /ip firewall filter add chain=input src-address=203.0.113.0/24 action=drop implements exactly that: any packets coming from hosts in that /24 range are discarded before they reach services on the router. The input chain handles traffic destined for the device, which is why this rule blocks those sources at the entry point. Using the forward chain would drop traffic passing through the router between interfaces, not traffic aimed at the router itself. Setting the action to accept would allow the traffic rather than block it, and specifying a different subnet like 203.0.0.0/24 wouldn’t target the requested range.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy