Exam SY0-501 topic 1 question 952 discussion

Actual exam question from CompTIA's SY0-501
Question #: 952
Topic #: 1

A security technician is configuring a new firewall appliance for a production environment. The firewall must support secure web services for client workstations on the 10.10.10.0/24 network. The same client workstations are configured to contact a server at 192.168.1.15/24 for domain name resolution. Which of the following rules should the technician add to the firewall to allow this connectivity for the client workstations? (Choose two.)

  • A. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 22
  • B. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 80
  • C. Permit 10.10.10.0/24 192.168.1.15/24 -p udp --dport 21
  • D. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 443
  • E. Permit 10.10.10.0/24 192.168.1.15/24 -p tcp --dport 53
  • F. Permit 10.10.10.0/24 192.168.1.15/24 -p udp --dport 53
Suggested Answer: DE

Comments

jlowtek
Highly Voted 4 years, 6 months ago
Should be DF. DNS by default is running in UDP port 53
upvoted 17 times
FNavarro
4 years, 2 months ago
DNSSEC uses TCP 53
upvoted 2 times
Heymannicerouter
3 years, 12 months ago
Question doesn't specify DNSSEC
upvoted 1 times
Nerzul007
3 years, 11 months ago
It specifies secure connection hence DNSSEC
upvoted 3 times
...
dgse
Highly Voted 4 years, 5 months ago
I agree: DF is a better answer. TCP/53 is usually used for DNS zone transfer, not for DNS request.
upvoted 7 times
...
Lobizon
Most Recent 4 years ago
D and E because DNSSEC uses TCP 53 port for communication and "Secure web services" run on port 443 HTTPS.
upvoted 2 times
...
Teoneg
4 years, 1 month ago
Where is it specified that the implementation required DNSSEC?
upvoted 1 times
...
ares1027
4 years, 2 months ago
Port 53 TCP is for zone transfers. Port 53 UDP is for queries and resolution. My choice is D and F
upvoted 5 times
...
jasonblock
4 years, 2 months ago
Really going to make me remember if it is UDP or TCP eh....
upvoted 1 times
...
Helloworld__
4 years, 3 months ago
UDP is for name so F should be the answer!
upvoted 2 times
...
agapetus
4 years, 4 months ago
Looks like they changed the answer to D and F.
upvoted 2 times
who__cares123456789___
4 years, 4 months ago
My screen still shows D and E!! They change it back? Read here "Furthermore, most organizations have also used firewalls to block TCP port 53 to and from their DNS servers and the Internet. This is double-protection in case the DNS server accidentally allowed transfers. Configuring your DNS servers to permit zone transfers to only legitimate DNS servers has always been and continues to be a best practice. However, the practice of denying TCP port 53 to and from DNS servers is starting to cause some problems. There are two good reasons that we would want to allow both TCP and UDP port 53 connections to our DNS servers. One is DNSSEC and the second is IPv6." FROM https://www.networkworld.com/article/2231682/cisco-subnet-allow-both-tcp-and-udp-port-53-to-your-dns-servers.html Maybe this is a new 601 question....things are changing....it could also be that it mentions internal DNS, not facing the net, so in that case they could allow for tcp, so long as they have all access from the internet blocked off....another stupid question without all the info to make a decision
upvoted 3 times
...
...
jbnkb
4 years, 5 months ago
Yeah, seems like another incorrect answer. It should be DF. DNSSEC uses TCP 53 as packets can be larger than 512 bytes, which is the limit for UDP.
upvoted 3 times
...
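Added example (not part of the original page or of any commenter's post): the thread turns on when DNS traffic uses UDP 53 versus TCP 53. This Python sketch models a client that queries over UDP first and retries over TCP only when the reply carries the TC (truncated) bit, then shows which firewall rule sets let resolution complete; the client behaviour, function names and sample headers are assumptions constructed for illustration.

```python
import struct

QR_FLAG = 0x8000  # message is a response
TC_FLAG = 0x0200  # response was truncated to fit the UDP size limit

def build_header(txid, flags, ancount=0):
    """Pack a 12-byte DNS header: ID, flags, QD/AN/NS/AR counts."""
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)

def is_truncated(message):
    """Return True when a DNS response has the TC bit set."""
    if len(message) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    _txid, flags = struct.unpack("!HH", message[:4])
    if not flags & QR_FLAG:
        raise ValueError("QR bit clear: this is a query, not a response")
    return bool(flags & TC_FLAG)

def resolve(udp_reply, permitted):
    """Transport that delivers the full answer, or None if the firewall blocks it.

    permitted: set of (protocol, port) pairs allowed to the DNS server.
    Assumption: the client asks over UDP first and uses TCP only after TC=1.
    """
    if ("udp", 53) not in permitted:
        return None                      # first query never reaches the server
    if not is_truncated(udp_reply):
        return "udp"                     # answer fit in the UDP reply
    return "tcp" if ("tcp", 53) in permitted else None

# Constructed sample headers (not captured traffic).
SMALL_REPLY = build_header(0x1A2B, 0x8180, ancount=1)   # QR+RD+RA, one answer
TRUNCATED_REPLY = build_header(0x1A2B, 0x8380)          # same flags plus TC

RULESETS = {
    "udp/53 only": {("udp", 53)},
    "tcp/53 only": {("tcp", 53)},
    "udp/53 + tcp/53": {("udp", 53), ("tcp", 53)},
}

def outcome_table():
    """Map each rule set to (small reply result, truncated reply result)."""
    return {name: (resolve(SMALL_REPLY, rules), resolve(TRUNCATED_REPLY, rules))
            for name, rules in RULESETS.items()}

if __name__ == "__main__":
    for name, result in outcome_table().items():
        print(f"{name:16} small={result[0]} truncated={result[1]}")
```

A `None` result means the modelled client never receives a complete answer under that rule set.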