Exam SY0-701 topic 1 question 4 discussion

Actual exam question from CompTIA's SY0-701
Question #: 4
Topic #: 1

An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?

  • A. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
    Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53
  • B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
    Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
  • C. Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53
    Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53
  • D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
    Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
Suggested Answer: D
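
The four options can be checked mechanically. The following is an added example, not part of the original question or of any commenter's post: a small evaluator for the question's rule syntax, run against two constructed packets. It assumes first-match, top-down rule evaluation and an implicit deny when nothing matches; the host 10.50.10.30 and the external resolver 192.0.2.53 are made-up test values.

```python
import ipaddress

def parse_rule(line):
    """Parse 'Access list outbound <action> <src> <dst> port <n>' (the question's syntax)."""
    tok = line.split()
    action, src, dst, port = tok[3], tok[4], tok[5], int(tok[7])
    return action, ipaddress.ip_network(src), ipaddress.ip_network(dst), port

def evaluate(acl_lines, src_ip, dst_ip, dst_port):
    """Assumed semantics: rules are checked top-down and the first match decides."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line in acl_lines:
        action, src_net, dst_net, port = parse_rule(line)
        if src in src_net and dst in dst_net and dst_port == port:
            return action
    return "deny"  # assumption: implicit deny when no rule matches

# The four answer options, copied from the question.
OPTIONS = {
    "A": ["Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53",
          "Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53"],
    "B": ["Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53",
          "Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53"],
    "C": ["Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53",
          "Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53"],
    "D": ["Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53",
          "Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53"],
}

ALLOWED_HOST = "10.50.10.25"   # from the question
OTHER_HOST = "10.50.10.30"     # constructed: any other internal device
EXTERNAL_DNS = "192.0.2.53"    # constructed: documentation-range address

def meets_goal(acl_lines):
    """Goal: the allowed host may send DNS out, every other host may not."""
    return (evaluate(acl_lines, ALLOWED_HOST, EXTERNAL_DNS, 53) == "permit"
            and evaluate(acl_lines, OTHER_HOST, EXTERNAL_DNS, 53) == "deny")

def results():
    return {name: meets_goal(acl) for name, acl in OPTIONS.items()}

if __name__ == "__main__":
    for name, acl in OPTIONS.items():
        allowed = evaluate(acl, ALLOWED_HOST, EXTERNAL_DNS, 53)
        other = evaluate(acl, OTHER_HOST, EXTERNAL_DNS, 53)
        print(f"{name}: {ALLOWED_HOST} -> {allowed}, {OTHER_HOST} -> {other}, "
              f"meets goal: {meets_goal(acl)}")
```

Under these assumptions, A and C permit every host because the permit-any rule matches first, and B blocks every host because its permit rule constrains the destination rather than the source.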

Comments

Baloyitum
Highly Voted 10 months, 1 week ago
The correct ACL (Access Control List) to accomplish the goal of limiting outbound DNS traffic originating from the internal network to only one device with the IP address 10.50.10.25 would be option D:
    Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
    Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
This configuration allows outbound DNS requests from the specific IP address 10.50.10.25 and denies outbound DNS requests from any other IP address.
upvoted 18 times
...
kedu
Most Recent 1 week, 1 day ago
Selected Answer: D
    Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
    Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
upvoted 2 times
...
JackExam2025
3 weeks ago
Selected Answer: D
Outbound DNS traffic needs to be allowed only from 10.50.10.25. To achieve this, you first need to permit traffic from 10.50.10.25 to port 53 (DNS). Then, you need to deny all other traffic to port 53.
upvoted 1 times
...
Hasss
1 month ago
Selected Answer: D
Because it's the only answer that has the same IP address on the outbound permit.
upvoted 1 times
...
JRCHENRY
2 months, 3 weeks ago
Selected Answer: D
    Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
    Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
upvoted 1 times
...
MaxiPrince
3 months ago
Selected Answer: D
    Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
    Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
upvoted 1 times
...
Rafili
3 months, 1 week ago
Selected Answer: D
The line  permit 10.50.10.25/32 0.0.0.0/0 port 53  allows DNS traffic only from the specified device (10.50.10.25) to any destination. The line  deny 0.0.0.0/0 0.0.0.0/0 port 53  blocks all other DNS traffic from any other device in the internal network. So answer D for 100% sure!
upvoted 1 times
...
Juls74
3 months, 3 weeks ago
Selected Answer: D
Permit 10.50.10.25/32 0.0.0.0/0 port 53: This rule allows outbound DNS requests from the device with the IP address 10.50.10.25. Deny 0.0.0.0/0 0.0.0.0/0 port 53: This rule denies all other outbound DNS requests from any other devices on any IP address. This combination ensures that only the specific device with IP address 10.50.10.25 can send outbound DNS requests, effectively limiting the outbound DNS traffic as desired.
upvoted 2 times
...
MZAINUL
3 months, 3 weeks ago
Selected Answer: D
This configuration allows outbound DNS requests from the specific IP address 10.50.10.25 and denies outbound DNS requests from any other IP address.
upvoted 1 times
...
Luswepo
5 months, 2 weeks ago
Selected Answer: D
The correct firewall ACL configuration that will allow only the device with IP address 10.50.10.25 to send outbound DNS traffic while blocking all other devices is:
    D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
       Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port
Explanation:
  • The first line allows outbound DNS requests (port 53) only from the device with IP address 10.50.10.25.
  • The second line denies all other outbound DNS traffic from any other IP address.
This achieves the goal of limiting DNS traffic to a single device.
upvoted 2 times
...
d1f9467
6 months, 4 weeks ago
Selected Answer: D
C: this option first allows all DNS traffic and then attempts to block traffic to 10.50.10.25, which is not the target.
upvoted 1 times
...
Grouthorax
7 months, 1 week ago
Selected Answer: D
C is wrong. The statement would allow outbound DNS traffic from any IP and deny outbound traffic from IP 10.50.10.25 which is the opposite of what it asks for. Correct answer is D
upvoted 2 times
...
tladytea
8 months ago
Selected Answer: D
    D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
       Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
Here’s the reasoning:
  • The first line, Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53, allows DNS traffic (port 53) from the specific IP address 10.50.10.25 to any destination.
  • The second line, Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53, denies DNS traffic (port 53) from any source to any destination, effectively blocking all other outbound DNS traffic.
upvoted 3 times
...
Olekjs
8 months ago
    D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
       Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
because it only allows the device with the IP address 10.50.10.25 to send outbound DNS requests on port 53, and denies all other devices from doing so.
upvoted 1 times
...
oluabi.salami
8 months, 1 week ago
D is the correct answer. Even co-pilot and chatGPT think so too. C is not correct.
Co-pilot: Absolutely, setting up Access Control Lists (ACLs) on your firewall is a good way to manage outbound DNS traffic. Here's an example of how you might configure the ACLs to meet your requirements:
    # Allow DNS requests from 10.50.10.25
    access-list 100 permit udp host 10.50.10.25 any eq 53
    access-list 100 permit tcp host 10.50.10.25 any eq 53
    # Deny DNS requests from any other IP address
    access-list 100 deny udp any any eq 53
    access-list 100 deny tcp any any eq 53
upvoted 1 times
...
easy02
8 months, 1 week ago
    D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
       Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
upvoted 1 times
...
Ukwanda
8 months, 4 weeks ago
Correct answer is B as it allows outbound traffic for device with IP address 10.50.10.25/32 port 53. All other IP addresses are blocked on port 53.
    B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
       Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
upvoted 1 times
...