When configuring a firewall, the first step is identifying which ports, protocols, and services are required for normal business operations. This ensures only legitimate traffic is allowed. After establishing the required rules, a default deny rule is added for security.
B. Deny all rule is important, but it should come after defining required rules.
C. VPN access is a service to configure, but only after determining baseline needs.
D. Outbound traffic policies are part of refinement, not the first consideration.
References (CompTIA Network+ N10-009):
Domain: Network Security — Firewall configuration, rule order, least privilege.
