CompTIA Security+ (SY0-601) — Question 362
A technician is setting up a new firewall on a network segment to allow web traffic to the internet while hardening the network. After the firewall is configured, users receive errors stating the website could not be located. Which of the following would best correct the issue?
Answer options
- A. Setting an explicit deny to all traffic using port 80 instead of 443
- B. Moving the implicit deny from the bottom of the rule set to the top
- C. Configuring the first line in the rule set to allow all traffic
- D. Ensuring that port 53 has been explicitly allowed in the rule set
Correct answer: D
Explanation
The correct answer is D because port 53 is used for DNS queries, which are essential for resolving website names to IP addresses. If DNS traffic is blocked, users will be unable to locate websites, resulting in errors. Options A, B, and C do not address the DNS issue and therefore would not resolve the problem.