A network administrator wants to block both DNS requests and zone transfers coming from outside IP
addresses. The company uses a firewall which implements an implicit allow and is currently configured with the
following ACL applied to its external interface.
PERMIT TCP ANY ANY 80
PERMIT TCP ANY ANY 443

Which of the following rules would accomplish this task? (Choose two.)
Change the firewall default settings so that it implements an implicit deny
Apply the current ACL to all interfaces of the firewall
Remove the current ACL
Add the following ACL at the top of the current ACL: DENY TCP ANY ANY 53
Add the following ACL at the bottom of the current ACL: DENY ICMP ANY ANY 53
Add the following ACL at the bottom of the current ACL: DENY IP ANY ANY 53
Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a
resource, you’re denied access by default. Implicit deny is the default response when an explicit allow or deny

DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers (zone file
exchanges between DNS servers), for special manual queries, and when a response exceeds 512 bytes. UDP
port 53 is used for most typical DNS queries.
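
The following is an added example, not part of the original question: a minimal first-match ACL evaluator that runs the question's ACL against constructed DNS and web traffic under both firewall defaults. The Rule class, the function names and the sample traffic are assumptions made for illustration, and the model matches only on protocol and destination port.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "PERMIT" or "DENY"
    proto: str    # "TCP" or "UDP"
    port: int     # destination port

def evaluate(acl, default, proto, port):
    """First matching rule wins; if nothing matches, the firewall default applies."""
    for rule in acl:
        if rule.proto == proto and rule.port == port:
            return rule.action
    return default

# The ACL from the question (source and destination are ANY, so they are omitted).
CURRENT_ACL = [Rule("PERMIT", "TCP", 80), Rule("PERMIT", "TCP", 443)]

# Constructed sample traffic arriving on the external interface.
TRAFFIC = {
    "HTTP": ("TCP", 80),
    "HTTPS": ("TCP", 443),
    "DNS query": ("UDP", 53),
    "DNS zone transfer": ("TCP", 53),
}

def decisions(acl, default):
    """Return the verdict for every sample flow under the given ACL and default."""
    return {name: evaluate(acl, default, proto, port)
            for name, (proto, port) in TRAFFIC.items()}

if __name__ == "__main__":
    cases = {
        "current ACL, implicit allow": (CURRENT_ACL, "PERMIT"),
        "DENY TCP 53 on top, implicit allow":
            ([Rule("DENY", "TCP", 53)] + CURRENT_ACL, "PERMIT"),
        "current ACL, implicit deny": (CURRENT_ACL, "DENY"),
    }
    for label, (acl, default) in cases.items():
        print(label)
        for name, verdict in decisions(acl, default).items():
            print(f"  {name:18} {verdict}")
```

With an implicit allow, a rule that names only TCP port 53 stops zone transfers while UDP queries still fall through to the default; with an implicit deny, only the explicitly permitted web ports pass.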