Exam N10-009 topic 1 question 227 discussion

A. Disable DoH in users’ internet browsers DNS over HTTPS (DoH) bypasses traditional DNS filtering by encrypting DNS queries. Disabling it ensures that users cannot circumvent the firewall's DNS filtering rules. D. Block port 53 to servers on the internet Blocking port 53 prevents DNS queries from bypassing the configured DNS filtering solution, ensuring all queries go through the firewall. Why Not the Other Options? B: NS records control domain authority and aren't used for DNS filtering. C: Blocking port 443 is too broad and would disrupt legitimate HTTPS traffic. E: Disabling TLS v1.3 weakens overall security and doesn't impact DNS filtering. F: DNSSEC prevents DNS spoofing but doesn't enforce DNS filtering.

A. Disable DoH in users’ internet browsers. DoH (DNS over HTTPS) encrypts DNS queries, making them harder for firewalls to filter. If DoH is enabled, users can bypass the firewall's DNS filtering. Therefore, disabling DoH is essential for the firewall to effectively block malicious websites. B. Update NS record to point to DNS filter servers. NS (Name Server) records specify the DNS servers responsible for a domain. By updating NS records to point to the DNS filter servers, the firewall can intercept and filter DNS queries before they reach external DNS servers.

All the other answers should not be blocked or disabled. 143 - HTTPS important, 53 - DNS IMPORTANT, TLS v1.3 come on now