An administrator enables DNS filtering on the firewall to block users from visiting malicious websites. Which of the following should the administrator also do? (Choose two.)
An administrator enables DNS filtering on the firewall to block users from visiting malicious websites. Which of the following should the administrator also do? (Choose two.)
All the other answers should not be blocked or disabled. 143 - HTTPS important, 53 - DNS IMPORTANT, TLS v1.3 come on now
Doh, DNS over HTTPS btw
A. Disable DoH in users’ internet browsers. DoH (DNS over HTTPS) encrypts DNS queries, making them harder for firewalls to filter. If DoH is enabled, users can bypass the firewall's DNS filtering. Therefore, disabling DoH is essential for the firewall to effectively block malicious websites. B. Update NS record to point to DNS filter servers. NS (Name Server) records specify the DNS servers responsible for a domain. By updating NS records to point to the DNS filter servers, the firewall can intercept and filter DNS queries before they reach external DNS servers.
A. Disable DoH in users’ internet browsers DNS over HTTPS (DoH) bypasses traditional DNS filtering by encrypting DNS queries. Disabling it ensures that users cannot circumvent the firewall's DNS filtering rules. D. Block port 53 to servers on the internet Blocking port 53 prevents DNS queries from bypassing the configured DNS filtering solution, ensuring all queries go through the firewall. Why Not the Other Options? B: NS records control domain authority and aren't used for DNS filtering. C: Blocking port 443 is too broad and would disrupt legitimate HTTPS traffic. E: Disabling TLS v1.3 weakens overall security and doesn't impact DNS filtering. F: DNSSEC prevents DNS spoofing but doesn't enforce DNS filtering.
Disabling DoH (DNS over HTTPS) in user browsers can be beneficial in scenarios where it interferes with specific network security policies or filtering mechanisms. DoH, while enhancing privacy, can bypass local DNS resolvers, potentially circumventing parental controls or web filtering implemented by organizations or individualsweb traffic Updating the NS (Name Server) record to point to DNS filter servers changes where the internet looks for your domain's DNS records. This allows you to use a DNS filtering service to block malicious websites or content
A and F. Websites can be hosted internally as well so I feel DNSSEC is valid. DoH also seems right. Disabling 53 will not work well in my opinion. B seems invalid for DNS filtering. E is dumb.