PrepAway - Latest Free Exam Questions & Answers

Which of the following rules would accomplish this task?

A network administrator wants to block both DNS requests and zone transfers coming from outside IP
addresses. The company uses a firewall which implements an implicit allow and is currently configured with the
following ACL applied to its external interface.
PERMIT TCP ANY ANY 80
PERMIT TCP ANY ANY 443Which of the following rules would accomplish this task? (Choose two.)

PrepAway - Latest Free Exam Questions & Answers

A.
Change the firewall default settings so that it implements an implicit deny

B.
Apply the current ACL to all interfaces of the firewall

C.
Remove the current ACL

D.
Add the following ACL at the top of the current ACLDENY TCP ANY ANY 53

E.
Add the following ACL at the bottom of the current ACLDENY ICMP ANY ANY 53

F.
Add the following ACL at the bottom of the current ACLDENY IP ANY ANY 53

Explanation:
Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a
resource, you’re denied access by default. Implicit deny is the default response when an explicit allow or deny
isn’t present.
DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers. These are zone file
exchanges between DNS servers, special manual queries, or used when a response exceeds 512 bytes. UDP
port 53 is used for most typical DNS queries.

PrepAway - Latest Free Exam Questions & Answers

Leave a Reply