CompTIA Security+ (SY0-501) — Question 629
A security technician is configuring a new firewall appliance for a production environment. The firewall must support secure web services for client workstations on the 10.10.10.0/24 network. The same client workstations are configured to contact a server at 192.168.1.15/24 for domain name resolution. Which of the following rules should the technician add to the firewall to allow this connectivity for the client workstations? (Choose two.)
Answer options
- A. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 22
- B. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 80
- C. Permit 10.10.10.0/24 192.168.1.15/24 -p udp --dport 21
- D. Permit 10.10.10.0/24 0.0.0.0 -p tcp --dport 443
- E. Permit 10.10.10.0/24 192.168.1.15/24 -p tcp --dport 53
- F. Permit 10.10.10.0/24 192.168.1.15/24 -p udp --dport 53
Correct answer: D, E
Explanation
The correct answers are D and E because rule D allows secure web traffic (HTTPS) on port 443, which is essential for secure web services, while rule E permits DNS queries over TCP on port 53, necessary for domain name resolution. The other options either do not support the required service or are intended for different protocols or ports that do not address the connectivity needs.