ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam N10-009 All Questions

View all questions & answers for the N10-009 exam
Go to Exam

Exam N10-009 topic 1 question 227 discussion

Actual exam question from CompTIA's N10-009
Question #: 227
Topic #: 1
[All N10-009 Questions]

An administrator enables DNS filtering on the firewall to block users from visiting malicious websites. Which of the following should the administrator also do? (Choose two.)

  • A. Disable DoH in users’ internet browsers.
  • B. Update NS record to point to DNS filter servers.
  • C. Block port 443 to the malicious websites.
  • D. Block port 53 to servers on the internet.
  • E. Disable TLS v1.3 in users’ internet browsers.
  • F. Implement DNSSEC for corporate records.
Show Suggested Answer Hide Answer
Suggested Answer: AF 🗳️
by fc040c7 at March 23, 2025, 10:14 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
scottytohotty
1 month, 3 weeks ago
Selected Answer: AF
A and F. Websites can be hosted internally as well so I feel DNSSEC is valid. DoH also seems right. Disabling 53 will not work well in my opinion. B seems invalid for DNS filtering. E is dumb.
upvoted 1 times
...
2a36460
1 month, 3 weeks ago
Selected Answer: AB
Disabling DoH (DNS over HTTPS) in user browsers can be beneficial in scenarios where it interferes with specific network security policies or filtering mechanisms. DoH, while enhancing privacy, can bypass local DNS resolvers, potentially circumventing parental controls or web filtering implemented by organizations or individualsweb traffic Updating the NS (Name Server) record to point to DNS filter servers changes where the internet looks for your domain's DNS records. This allows you to use a DNS filtering service to block malicious websites or content
upvoted 1 times
...
Hundo_954
2 months, 2 weeks ago
Selected Answer: AD
A. Disable DoH in users’ internet browsers DNS over HTTPS (DoH) bypasses traditional DNS filtering by encrypting DNS queries. Disabling it ensures that users cannot circumvent the firewall's DNS filtering rules. D. Block port 53 to servers on the internet Blocking port 53 prevents DNS queries from bypassing the configured DNS filtering solution, ensuring all queries go through the firewall. Why Not the Other Options? B: NS records control domain authority and aren't used for DNS filtering. C: Blocking port 443 is too broad and would disrupt legitimate HTTPS traffic. E: Disabling TLS v1.3 weakens overall security and doesn't impact DNS filtering. F: DNSSEC prevents DNS spoofing but doesn't enforce DNS filtering.
upvoted 4 times
...
noone21
3 months ago
Selected Answer: AB
A. Disable DoH in users’ internet browsers. DoH (DNS over HTTPS) encrypts DNS queries, making them harder for firewalls to filter. If DoH is enabled, users can bypass the firewall's DNS filtering. Therefore, disabling DoH is essential for the firewall to effectively block malicious websites. B. Update NS record to point to DNS filter servers. NS (Name Server) records specify the DNS servers responsible for a domain. By updating NS records to point to the DNS filter servers, the firewall can intercept and filter DNS queries before they reach external DNS servers.
upvoted 1 times
...
fc040c7
3 months ago
Selected Answer: BF
All the other answers should not be blocked or disabled. 143 - HTTPS important, 53 - DNS IMPORTANT, TLS v1.3 come on now
upvoted 1 times
fc040c7
3 months ago
Doh, DNS over HTTPS btw
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel