CompTIA Network+ (N10-009) — Question 269

An administrator enables DNS filtering on the firewall to block users from visiting malicious websites. Which of the following should the administrator also do? (Choose two.)

Answer options

• A. Disable DoH in users’ internet browsers.
• B. Update NS record to point to DNS filter servers.
• C. Block port 443 to the malicious websites.
• D. Block port 53 to servers on the internet.
• E. Disable TLS v1.3 in users’ internet browsers.
• F. Implement DNSSEC for corporate records.

Correct answer: A, D

Explanation

Disabling DoH in users’ internet browsers is crucial because it prevents DNS queries from bypassing the DNS filtering. Blocking port 53 to servers on the internet is necessary to stop DNS queries from reaching potentially harmful servers. The other options do not effectively enhance the DNS filtering strategy or may introduce unnecessary complications.