The CompTIA Security+ SY0-701 exam is a widely recognized certification that validates your foundational cybersecurity skills. One of the most challenging aspects of this exam is the Performance-Based Questions (PBQs). These questions simulate real-world tasks and require you to demonstrate your ability to apply security principles in dynamic environments.
In this detailed guide, we'll break down three of the most common types of Security+ PBQs: firewall configuration, Wi-Fi security setup, and log analysis. By understanding the logic behind each PBQ and how they reflect real-world scenarios, you’ll be better prepared to pass the exam and apply these skills in a job role.
🔥 Firewall Rule PBQs
Firewall Rule PBQs test your ability to configure access control policies that align with business and security requirements. These questions simulate real-world scenarios, such as securing a public web server, protecting internal resources, or blocking malicious traffic. Understanding how firewalls process rules and applying the principle of least privilege are critical to success.
- **Allow HTTPS Traffic**: Permit HTTPS traffic (port 443) from external networks to a web server located in a DMZ (Demilitarized Zone). This ensures secure communication between users and the web server while isolating it from internal systems.
- **Block Insecure Services**: Deny traffic for insecure protocols like FTP (port 21) and Telnet (port 23) from untrusted zones. These protocols transmit data in plaintext, making them vulnerable to interception and attacks.
- **Restrict IP Ranges**: Use specific IP ranges instead of "any" to minimize the attack surface. For example, allow access only from trusted corporate IPs or specific geographic regions.
- **Deny by Default**: Implement a "deny all" rule at the bottom of the rule set to block any traffic that does not explicitly match an allow rule. This ensures that only authorized traffic is permitted.
- **Enable Stateful Inspection**: Configure the firewall to track the state of active connections. This allows return traffic for legitimate sessions while blocking unsolicited packets.
🔎 Tip: Firewalls process rules in a top-down order. Place specific allow or deny rules before general ones to ensure they are applied correctly. For example, allow HTTPS traffic to a web server before applying a "deny all" rule.
📝 Example Scenario: You are tasked with securing a public-facing web server. Configure the following rules:

| Rule | Source | Destination | Protocol | Action |
|---|---|---|---|---|
| 1 | Any | Web Server | HTTPS (443) | Allow |
| 2 | Any | Web Server | FTP (21) | Deny |
| 3 | Any | Web Server | Telnet (23) | Deny |
| 4 | Any | Any | Any | Deny |

For more details on firewall configurations, refer to the Cloudflare Firewall Rule Guide.
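To make the top-down, first-match logic behind the scenario table concrete, here is an added Python example (not code from the original guide or from any firewall vendor). It models the four rules above, evaluates sample packets against them, and flags rules that are shadowed when the "deny all" rule is mistakenly placed first. Host labels such as `"web-server"` and `"internet"` are hypothetical placeholders, not real addresses.

```python
from dataclasses import dataclass
from typing import Optional


def _covers(rule_value: str, packet_value: str) -> bool:
    """A rule field covers a packet field if it is the wildcard or an exact match."""
    return rule_value == "any" or rule_value == packet_value


@dataclass(frozen=True)
class Rule:
    number: int
    source: str            # "any" or a hypothetical host/network label
    destination: str
    port: Optional[int]    # None means "any port"
    action: str            # "allow" or "deny"

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (_covers(self.source, src)
                and _covers(self.destination, dst)
                and (self.port is None or self.port == port))


def evaluate(rules, src, dst, port):
    """Top-down, first-match evaluation. Returns (action, rule number);
    the rule number is None when nothing matched and the implicit deny applied."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action, rule.number
    return "deny", None


def shadowed_rules(rules):
    """Numbers of rules that can never fire because an earlier rule already
    covers every packet they would match (the classic misordering mistake)."""
    shadowed = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (_covers(earlier.source, later.source)
                    and _covers(earlier.destination, later.destination)
                    and (earlier.port is None or earlier.port == later.port)):
                shadowed.append(later.number)
                break
    return shadowed


# The four rules from the scenario table, in the published order
RULES = [
    Rule(1, "any", "web-server", 443, "allow"),
    Rule(2, "any", "web-server", 21, "deny"),
    Rule(3, "any", "web-server", 23, "deny"),
    Rule(4, "any", "any", None, "deny"),
]

# The same rules with the catch-all deny moved to the top: HTTPS is now blocked
MISORDERED = [RULES[3]] + RULES[:3]

if __name__ == "__main__":
    for port in (443, 21, 23, 8080):
        print(port, evaluate(RULES, "internet", "web-server", port))
    print("shadowed in RULES:", shadowed_rules(RULES))
    print("shadowed in MISORDERED:", shadowed_rules(MISORDERED))
```

Running it shows port 443 allowed by rule 1, ports 21 and 23 denied by their explicit rules, and port 8080 falling through to rule 4; with the misordered set, rules 1 to 3 are reported as shadowed and the HTTPS packet is denied by the catch-all, which is exactly the ordering error the tip above warns about.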
📶 Wi-Fi Security PBQs
Wi-Fi Security PBQs assess your ability to configure secure wireless networks in enterprise environments. These questions often simulate real-world scenarios where you must choose the most secure SSID configurations, authentication protocols, and encryption standards.
- Always select WPA3-Enterprise (or WPA2-Enterprise) over WPA2-Personal for stronger security. WPA3-Enterprise provides enhanced encryption and protection against brute-force attacks. Learn more about Wi-Fi Alliance security standards.
- Disable WPS (Wi-Fi Protected Setup) and SSID broadcasting in enterprise environments to reduce attack vectors. WPS is vulnerable to brute-force attacks, and disabling SSID broadcasting prevents unauthorized users from easily discovering your network.
- Implement 802.1X authentication with RADIUS or certificate-based methods like EAP-TLS. This ensures that only authorized devices and users can connect to the network, providing an additional layer of security.
💡 Tip: Avoid shared credentials in enterprise environments. Instead, use certificate-based logins (e.g., EAP-TLS) to align with industry best practices for wireless security. Certificate-based authentication eliminates the risks associated with shared passwords and ensures that each user has unique credentials.
For a deeper dive into wireless security best practices, refer to the NIST Wireless Network Security Guide.
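As an added illustration (not part of the original guide, and not tied to any vendor's controller or API), the following Python snippet encodes the checklist above as a profile audit: a weak WPA2-Personal profile with WPS and SSID broadcast left on is placed beside a hardened WPA3-Enterprise/EAP-TLS profile. The profile dictionaries, their keys, and the RADIUS hostname are constructed for the example.

```python
ENTERPRISE_MODES = {"WPA3-Enterprise", "WPA2-Enterprise"}
CERTIFICATE_EAP = {"EAP-TLS"}


def audit_wifi_profile(profile: dict) -> list:
    """Return (code, message) findings for settings that deviate from the guidance above."""
    findings = []
    mode = profile.get("security_mode")
    if mode not in ENTERPRISE_MODES:
        findings.append(("MODE", f"{mode} is not an enterprise mode; use WPA3-Enterprise (or WPA2-Enterprise)"))
    if profile.get("wps_enabled", False):
        findings.append(("WPS", "WPS is enabled; disable it"))
    if profile.get("ssid_broadcast", True):
        findings.append(("SSID", "SSID broadcast is enabled; disable it for the enterprise network"))
    if mode in ENTERPRISE_MODES:
        # 802.1X needs an authentication server, and the method should be certificate-based
        if not profile.get("radius_server"):
            findings.append(("RADIUS", "802.1X selected but no RADIUS server is configured"))
        if profile.get("eap_method") not in CERTIFICATE_EAP:
            findings.append(("EAP", f"{profile.get('eap_method')} is not certificate-based; prefer EAP-TLS"))
    return findings


def finding_codes(profile: dict) -> list:
    return [code for code, _ in audit_wifi_profile(profile)]


# Constructed profiles: the first is the weak configuration a PBQ expects you to reject,
# the second is the hardened answer, the third is enterprise mode with password-based EAP.
WEAK_PROFILE = {
    "ssid": "CorpWiFi", "security_mode": "WPA2-Personal",
    "wps_enabled": True, "ssid_broadcast": True,
}
HARDENED_PROFILE = {
    "ssid": "CorpWiFi", "security_mode": "WPA3-Enterprise",
    "wps_enabled": False, "ssid_broadcast": False,
    "radius_server": "radius.corp.example",  # hypothetical hostname
    "eap_method": "EAP-TLS",
}
PASSWORD_ENTERPRISE_PROFILE = {
    "ssid": "CorpWiFi", "security_mode": "WPA2-Enterprise",
    "wps_enabled": False, "ssid_broadcast": False,
    "radius_server": "radius.corp.example",
    "eap_method": "PEAP-MSCHAPv2",
}

if __name__ == "__main__":
    for name, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE),
                          ("password-based enterprise", PASSWORD_ENTERPRISE_PROFILE)):
        print(name, audit_wifi_profile(profile) or "no findings")
```

The weak profile produces three findings (mode, WPS, SSID broadcast), the hardened profile produces none, and the third profile passes every check except the EAP method, which is the shared-credential case the tip above tells you to avoid.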
🧾 Log Analysis PBQs
Log analysis PBQs simulate security monitoring and incident detection. You'll be given a raw log file or system output and asked to identify malicious behavior or outline an incident timeline.
- Detect brute-force login attempts (e.g., repeated failed logins from the same IP).
- Identify privilege escalation activities or unauthorized changes.
- Correlate timestamps and source IPs with suspicious behavior.
🔍 Tip: Use a consistent method to scan log entries: look at user, action, time, and IP. Familiarize yourself with SIEM tools like Splunk or the ELK stack.
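The following added Python example (not from the original guide) applies the user/action/time/IP method to a small set of constructed log lines written in the style of an OpenSSH and sudo auth.log. It parses each entry, flags a source IP with five or more failed logins inside a 60-second window, notes whether a successful login from that IP followed the burst, and builds an incident timeline that pulls in later privileged commands. The hostnames, usernames, addresses and timestamps are all constructed sample data; the threshold and window are assumptions you would tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in auth.log style (not a real capture)
LOG_LINES = """\
Jan 12 10:01:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 12 10:01:03 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51235 ssh2
Jan 12 10:01:04 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 51236 ssh2
Jan 12 10:01:06 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 51237 ssh2
Jan 12 10:01:09 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 51238 ssh2
Jan 12 10:01:12 web01 sshd[2101]: Accepted password for root from 203.0.113.7 port 51239 ssh2
Jan 12 10:05:30 web01 sshd[2150]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Jan 12 10:05:41 web01 sshd[2150]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
Jan 12 10:20:00 web01 sudo:    root : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/useradd -m backup
""".splitlines()

TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
SSH_RE = re.compile(TS + r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
                    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
SUDO_RE = re.compile(TS + r"sudo:\s+(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$")


def parse_line(line):
    """Normalise one raw line into an event with user, action (kind), time and IP."""
    m = SSH_RE.match(line)
    if m:
        return {"ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"), "kind": m["result"].lower(),
                "user": m["user"], "ip": m["ip"], "detail": m["method"]}
    m = SUDO_RE.match(line)
    if m:
        return {"ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"), "kind": "sudo",
                "user": m["user"], "ip": None, "detail": m["cmd"]}
    return None  # unrecognised line types are skipped


def parse_log(lines):
    return [e for e in map(parse_line, lines) if e is not None]


def detect_brute_force(events, threshold=5, window_seconds=60):
    """Flag IPs with >= threshold failed logins within window_seconds, and record
    whether an accepted login from the same IP followed the burst."""
    by_ip = defaultdict(list)
    for e in events:
        if e["ip"] is not None:
            by_ip[e["ip"]].append(e)
    alerts = {}
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["kind"] == "failed"]
        for i, first in enumerate(failures):
            window = [f for f in failures[i:]
                      if (f["ts"] - first["ts"]).total_seconds() <= window_seconds]
            if len(window) >= threshold:
                last_fail = window[-1]["ts"]
                success = next((e for e in evs if e["kind"] == "accepted" and e["ts"] >= last_fail), None)
                alerts[ip] = {"failures": len(window),
                              "users": sorted({f["user"] for f in window}),
                              "success_after": success["ts"] if success else None}
                break
    return alerts


def incident_timeline(events, ip):
    """Chronological list of the IP's login events plus privileged commands run after its first event."""
    start = min(e["ts"] for e in events if e["ip"] == ip)
    chosen = [e for e in events if e["ip"] == ip or (e["kind"] == "sudo" and e["ts"] >= start)]
    return [f"{e['ts']:%H:%M:%S} {e['kind']:8} {e['user']:6} {e['detail']}"
            for e in sorted(chosen, key=lambda e: e["ts"])]


if __name__ == "__main__":
    evs = parse_log(LOG_LINES)
    for ip, alert in detect_brute_force(evs).items():
        print("ALERT", ip, alert)
        print("\n".join(incident_timeline(evs, ip)))
```

For the sample data the only alert is for 203.0.113.7: five failures against two accounts in eight seconds, followed by an accepted password login and, later, a sudo user-creation command, which is the kind of multi-step sequence (brute force, access, privilege use) a PBQ asks you to lay out as a timeline. The single failure from 198.51.100.4 followed by a key-based login stays below the threshold and is not flagged.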
🔑 Key Takeaways
- PBQs are scenario-driven. Focus on logic, not memorization.
- Study NIST guidelines for firewall and network access control.
- Review WPA3 and enterprise Wi-Fi deployments for best practice compliance.
- Practice reading SIEM logs and detecting multi-step attacks.