EC-Council
312-50V10 · Question #372
312-50V10 Question #372: Real Exam Question with Answer & Explanation
The correct answer is A: Configure the firewall to allow traffic on TCP ports 53 and UDP port 53.. The ability to reach web servers by IP but not by URL indicates DNS resolution is failing, requiring both TCP and UDP port 53 to be opened on the firewall.
Question
Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the Internet and is able to open web sites by using an IP address in place of the URL. The administrator runs the response from the server. What should the administrator do next?
Options
- AConfigure the firewall to allow traffic on TCP ports 53 and UDP port 53.
- BConfigure the firewall to allow traffic on TCP ports 80 and UDP port 443.
- CConfigure the firewall to allow traffic on TCP port 53.
- DConfigure the firewall to allow traffic on TCP port 8080.
Explanation
The ability to reach web servers by IP but not by URL indicates DNS resolution is failing, requiring both TCP and UDP port 53 to be opened on the firewall.
Common mistakes.
- B. TCP port 80 is HTTP and TCP port 443 is HTTPS - these are web traffic ports, not DNS; opening them would not restore hostname resolution, and UDP 443 is QUIC, not standard HTTPS.
- C. Opening only TCP port 53 is insufficient because DNS queries are predominantly sent over UDP port 53, so standard lookups would still be blocked.
- D. TCP port 8080 is an alternate HTTP proxy port and has no relation to DNS name resolution or the described symptom.
Concept tested. DNS port requirements TCP and UDP 53
Reference. https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/dns-over-tcp
Community Discussion
No community discussion yet for this question.