An enterprise is trying to limit outbound DNS traffic originating from its internal network. Outbound DNS requests will only be allowed from one device with the IP address 10.50.10.25. Which of the following firewall ACLs will accomplish this goal?
To limit outbound DNS traffic, the correct ACL should permit outbound DNS requests from the specific device with IP address 10.50.10.25 and deny all other outbound DNS requests. This can be accomplished by first allowing DNS traffic from the specific IP address and then denying all other DNS traffic. The correct configuration is: Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53, followed by Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53.
**D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53**
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
This ACL will allow outbound DNS traffic only from the device with IP address 10.50.10.25 while blocking all other outbound DNS traffic.
Tested. This is the correct answer.
The correct ACL (Access Control List) to accomplish the goal of limiting outbound DNS traffic originating from the internal network to only one device with the IP address 10.50.10.25 would be option D:
Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
This configuration allows outbound DNS requests from the specific IP address 10.50.10.25 and denies outbound DNS requests from any other IP address.
The goal is to allow outbound DNS requests only from the device with the IP address 10.50.10.25 and block all other outbound DNS requests. DNS typically uses port 53.
A. This rule allows all outbound traffic on port 53, and then specifically denies traffic from 10.50.10.25 on port 53. This would effectively block the allowed device, so it's incorrect.
B. This rule allows traffic to 10.50.10.25 on port 53, and then denies all outbound traffic on port 53. Since this is outbound DNS traffic control, the destination should not be 10.50.10.25, making this incorrect.
C. This rule allows all outbound traffic on port 53 and then denies traffic to 10.50.10.25 on port 53. This does not control outbound traffic from the specified IP, so it's incorrect.
D. This rule allows outbound traffic on port 53 only from the IP 10.50.10.25 and then denies all other outbound traffic on port 53. This is the correct configuration.
Therefore, the correct firewall ACL to accomplish this goal is: D.
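As an added example (not posted by anyone in this thread), the evaluator below simulates top-down, first-match ACL processing over rules written in the question's own syntax, so you can check which internal hosts option D lets reach an external resolver on port 53, and why rule order matters when a broad permit is placed before a narrow deny. The rule lists, host addresses and the resolver address 192.0.2.53 are constructed for the demonstration.

```python
import ipaddress

# Constructed rule lists in the question's own syntax:
#   "Access list outbound <permit|deny> <src-cidr> <dst-cidr> port <n>"
OPTION_D = [
    "Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53",
    "Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53",
]
# A broad permit followed by a host-specific deny (the shape of option A as
# described in the thread): the deny is shadowed and never matched.
OPTION_A = [
    "Access list outbound permit 0.0.0.0/0 0.0.0.0/0 port 53",
    "Access list outbound deny 10.50.10.25/32 0.0.0.0/0 port 53",
]


def parse_rule(line):
    """Turn one ACL line into (action, src_net, dst_net, port)."""
    words = line.split()
    # words: Access list outbound <action> <src> <dst> port <n>
    if words[:3] != ["Access", "list", "outbound"] or words[6] != "port":
        raise ValueError("unrecognised rule: " + line)
    return (words[3], ipaddress.ip_network(words[4]),
            ipaddress.ip_network(words[5]), int(words[7]))


def evaluate(acl, src, dst, port):
    """First matching rule wins; no match falls through to the implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in map(parse_rule, acl):
        if src_ip in src_net and dst_ip in dst_net and port == rule_port:
            return action
    return "deny"  # implicit deny at the end of the list


def dns_allowed_hosts(acl, hosts, resolver="192.0.2.53"):
    """Return the internal hosts that the ACL lets query an external resolver."""
    return [h for h in hosts if evaluate(acl, h, resolver, 53) == "permit"]


if __name__ == "__main__":
    hosts = ["10.50.10.25", "10.50.10.26", "10.50.20.7"]
    print("D:", dns_allowed_hosts(OPTION_D, hosts))  # only 10.50.10.25
    print("A:", dns_allowed_hosts(OPTION_A, hosts))  # every host; deny never reached
```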
In answer C it permits any IP and any subnet mask (0.0.0.0/0.0.0.0). According to the question, only 10.50.10.25 should be allowed, so the answer should be D.
The correct option would be:
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
This ACL (Access Control List) configuration allows outbound DNS traffic only from the specified device with the IP address 10.50.10.25 and denies outbound DNS traffic from all other devices on the network.
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
Correct answer is B as it allows outbound traffic for the device with IP address 10.50.10.25/32 on port 53. All other IP addresses are blocked on port 53.
B. Access list outbound permit 0.0.0.0/0 10.50.10.25/32 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
Here's the reasoning:
• The first line, Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53, allows DNS traffic (port 53) from the specific IP address 10.50.10.25 to any destination.
• The second line, Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53, denies DNS traffic (port 53) from any source to any destination, effectively blocking all other outbound DNS traffic.
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
because it only allows the device with the IP address 10.50.10.25 to send outbound DNS requests on port 53, and denies all other devices from doing so.
D is the correct answer. Even Copilot and ChatGPT think so too. C is not correct.
Copilot: Absolutely, setting up Access Control Lists (ACLs) on your firewall is a good way to manage outbound DNS traffic. Here's an example of how you might configure the ACLs to meet your requirements:
# Allow DNS requests from 10.50.10.25
access-list 100 permit udp host 10.50.10.25 any eq 53
access-list 100 permit tcp host 10.50.10.25 any eq 53
# Deny DNS requests from any other IP address
access-list 100 deny udp any any eq 53
access-list 100 deny tcp any any eq 53
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
correct answer is D
D, we need to specifically allow the one IP address that can send outbound DNS.
D. Access list outbound permit 10.50.10.25/32 0.0.0.0/0 port 53
Access list outbound deny 0.0.0.0/0 0.0.0.0/0 port 53
0.0.0.0/0.0.0.0/0 should be used when trying to limit outbound DNS traffic to only one device from the internal network regardless of IP. 0.0.0.0 is an indication of your GATEWAY SURFACE on IPv4. 0.0.0.0/0 10.50.10.25/32 would be giving access to all singular communicating devices on port 53 on 10.50.10.25.
I don't get your C vote; it's denying 10.50.10.25 and the question stated that it should be allowed? C is just not making sense.
D is the right one.