Re: job screening question

[Owen DeLong <owen () delong com>]

On Jul 7, 2012, at 5:44 PM, Keith Medcalf wrote:

> > "What's the problem with using 255.255.255.247 as a subnet mask if you
> > want to make a LAN subnet with 12 hosts?"
> > (5 word answer)
>
> Unemployment Office Is That Way ->
>
> Is the only 5 word answer I could come up with.  The correct answer "invalid netmask", is only two words.

LoL...

Even if you allowed for discontiguous subnet masks, you'd need to use 255.255.255.243 and not
255.255.255.247 to achieve 12 hosts.

Not sure what 5 word answer you're looking for, but Keith's answer and mine are the two most obvious
issues I can think of.

> > "What TCP destination port numbers should be allowed through the
> > perimeter stateful firewall device to and from a mail server whose
> > only purpose is to proxy SMTP mail from internal sources?"
> > (one number answer)
>
> Short Answer:  There is no answer to the question that can be expressed in one number.

Sure there is, if you count "none" as a number.

> Outbound connections to TCP destination port 25 only.  Returning traffic (including associated ICMP) should be 
> automatically handled by your stateful inspection firewall.  If not, you need to buy a better firewall.

I'd allow 25 and 465 outbound, myself. No reason to block SSL if the remote side offers the capability.

ICMP wouldn't be a TCP destination port number anyway.

> Any applicant who provides any answer should the rejected out of hand as (a) being unable to read (b) being a threat 
> to security.

LoL... Some truth to that.

Owen