Exam XK0-005 topic 1 question 149 discussion

Actual exam question from CompTIA's XK0-005

Question #: 149
Topic #: 1

A Linux administrator has set up a new DNS forwarder and is configuring all internal servers to use the new forwarder to look up external DNS requests. The administrator needs to modify the firewall on the server for the DNS forwarder to allow the internal servers to communicate to it and make the changes persistent between server reboots. Which of the following commands should be run on the DNS forwarder server to accomplish this task?

A. ufw allow out dns
B. systemctl reload firewalld
C. iptables -A OUTPUT -p udp -m udp -dport 53 -j ACCEPT
D. firewall-cmd --zone=public --add-port=53/udp --permanent

Show Suggested Answer

Suggested Answer: D 🗳️

by Jacobmy98 at April 27, 2023, 6:44 p.m.

Comments

Submit Cancel

imnewtothis

11 months, 1 week ago

Selected Answer: D

This command adds a rule to the firewall using firewall-cmd, allowing UDP traffic on port 53, which is used for DNS communication. The --permanent option makes the change persistent between reboots.

upvoted 1 times

...

DRVision

1 year, 2 months ago

Selected Answer: D

D. firewall-cmd --zone=public --add-port=53/udp --permanent. This command will open UDP port 53, which is the port used by DNS, in the public zone of the firewall. The --permanent option makes the change persistent across reboots. Here’s a brief explanation of the other options: A. ufw allow out dns would be used if you were configuring a Ubuntu or Debian-based system that uses UFW ("Uncomplicated" Firewall - notice they did not specify uncomplicated which points towards a firewalld.) B. systemctl reload firewalld is used to reload the firewall configuration, but it doesn’t actually make any changes to the configuration. C. iptables -A OUTPUT -p udp -m udp -dport 53 -j ACCEPT is an iptables command that would allow outgoing DNS traffic, but it wouldn’t persist after a reboot unless saved to a file and restored on boot.

upvoted 3 times

...