An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?
A.
Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53 Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53
B.
Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53 Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
C.
Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53 Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53
D.
Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53 Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
The correct ACL (Access Control List) to accomplish the goal of limiting outbound DNS traffic originating from the internal network to only one device with the IP address 10.50.10.25 would be option D:
Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
This configuration allows outbound DNS requests from the specific IP address 10.50.10.25 and denies outbound DNS requests from any other IP address.
Outbound DNS traffic needs to be allowed only from 10.50.10.25.
To achieve this, you first need to permit traffic from 10.50.10.25 to port 53 (DNS).
Then, you need to deny all other traffic to port 53.
The line permit 10.50.10.25/32 0.0.0.0/0 port 53 allows DNS traffic only from the specified device (10.50.10.25) to any destination.
The line deny 0.0.0.0/0 0.0.0.0/0 port 53 blocks all other DNS traffic from any other device in the internal network.
So answer D for 100% sure!
Permit 10.50.10.25/32 0.0.0.0/0 port 53: This rule allows outbound DNS requests from the device with the IP address 10.50.10.25.
Deny 0.0.0.0/0 0.0.0.0/0 port 53: This rule denies all other outbound DNS requests from any other devices on any IP address.
This combination ensures that only the specific device with IP address 10.50.10.25 can send outbound DNS requests, effectively limiting the outbound DNS traffic as desired.
The correct firewall ACL configuration that will allow only the device with IP address 10.50.10.25 to send outbound DNS traffic while blocking all other devices is:
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
Explanation:
- The first line allows outbound DNS requests (port 53) only from the device with IP address 10.50.10.25.
- The second line denies all other outbound DNS traffic from any other IP address.
This achieves the goal of limiting DNS traffic to a single device.
C is wrong. The statement would allow outbound DNS traffic from any IP and deny outbound traffic from IP 10.50.10.25 which is the opposite of what it asks for.
Correct answer is D
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
Here’s the reasoning:
• The first line Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53 allows DNS traffic (port 53) from the specific IP address 10.50.10.25 to any destination.
• The second line Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53 denies DNS traffic (port 53) from any source to any destination, effectively blocking all other outbound DNS traffic.
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
because it only allows the device with the IP address 10.50.10.25 to send outbound DNS requests on port 53, and denies all other devices from doing so.
D is the correct answer. Even co-pilot and chatGPT think so too. C is not correct.
Co-pilot:
Absolutely, setting up Access Control Lists (ACLs) on your firewall is a good way to manage outbound DNS traffic. Here's an example of how you might configure the ACLs to meet your requirements:
# Allow DNS requests from 10.50.10.25
access-list 100 permit udp host 10.50.10.25 any eq 53
access-list 100 permit tcp host 10.50.10.25 any eq 53
# Deny DNS requests from any other IP address
access-list 100 deny udp any any eq 53
access-list 100 deny tcp any any eq 53
Correct answer is B as it allows outbound traffic for device with IP address 10.50.10.25/32 port 53.
All other IP addresses are blocked on port 53
B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
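To settle the A/B/C/D discussion mechanically, here is an added example (not from the question or any of the comments above): a first-match ACL evaluator in the question's own "permit/deny <src> <dst> port <n>" notation, run over all four options with a constructed second internal host (10.50.10.99) and a constructed external resolver address. It treats the port as the destination port and assumes the implicit deny most firewalls apply after the last rule.

```python
import ipaddress

# Option texts are copied from the question; the test hosts below are constructed.
OPTIONS = {
    "A": ["Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53",
          "Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53"],
    "B": ["Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53",
          "Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53"],
    "C": ["Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53",
          "Access list outbound deny 0.0.0.0/0 10.50.10.25/32 port 53"],
    "D": ["Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53",
          "Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53"],
}

def parse_rule(line):
    """'Access list outbound permit <src> <dst> port <n>' -> (action, src_net, dst_net, port)."""
    action, src, dst, _, port = line.removeprefix("Access list outbound ").split()
    return action, ipaddress.ip_network(src), ipaddress.ip_network(dst), int(port)

def evaluate(rules, src_ip, dst_ip, dst_port):
    """First matching rule wins; a packet matching nothing falls to the
    implicit deny at the end of the list (assumed, as on most firewalls)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net, port in rules:
        if s in src_net and d in dst_net and dst_port == port:
            return action
    return "deny"

def meets_goal(rule_lines, resolver="198.51.100.53"):
    """Goal from the question: 10.50.10.25 may send DNS out, no other host may.
    198.51.100.53 is a constructed (documentation-range) external resolver."""
    rules = [parse_rule(line) for line in rule_lines]
    allowed = evaluate(rules, "10.50.10.25", resolver, 53) == "permit"
    blocked = evaluate(rules, "10.50.10.99", resolver, 53) == "deny"  # constructed other host
    return allowed and blocked

def check_options():
    """Map each option letter to whether its ACL satisfies the goal."""
    return {name: meets_goal(lines) for name, lines in OPTIONS.items()}

if __name__ == "__main__":
    for name, ok in check_options().items():
        print(name, "meets the goal" if ok else "fails")
```

Running it shows why B fails as well as A and C: B's permit line puts 10.50.10.25 in the destination field, so a query from that host to an external resolver never matches it and drops through to the deny.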