300-740 Exam Dumps : Designing and Implementing Secure Cloud Access for Users and Endpoints (SCAZT)

From the firewall access rules provided, Rule 1 allows traffic from 20.1.1.10 (GCP VM) to 20.1.1.1 using HTTPS. However, this destination is not the actual mail server—the mail server resides at 192.168.200.10 (inside network). Therefore:

A: Rule 1 must be updated to reflect the correct destination: 192.168.200.10. Without this change, traffic is not permitted to the mail server.

D: NAT (Network Address Translation) is needed to translate the external address (e.g., 20.1.1.10) to access internal addresses (like 192.168.200.10). As per SCAZT and Cisco firewall policies, NAT enables proper packet delivery from public to private zones.

Rule 2, which denies all other traffic, is correctly placed after the specific allow rule. Therefore, moving it (Option B) would not help, and Options C and E are unrelated to resolving the immediate firewall access and routing issue.

The Secure Cloud Analytics alert indicates suspicious heartbeat-based connections from an internal server (ip-10-201-0-16) to multiple suspicious IPs over UDP/port 53 (DNS). This behavior suggests command-and-control (C2) activity or botnet communications.

B: Alerting the incident response (IR) team is a critical next step in escalating a verified threat as per SCAZT Section 6 (Threat Response, Pages 114–117).

D: Blocking the identified malicious IPs on perimeter firewalls or network access control devices is an appropriate containment step to disrupt communication.

Reinstallation (A/E) is premature without a full forensic investigation. Validating IDS logs (C) is useful but not immediate response-focused compared to actions B and D.