nerdexam
EC-Council

312-50V10 · Question #372

Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the Internet and is able

The correct answer is A. Configure the firewall to allow traffic on TCP ports 53 and UDP port 53.. The ability to reach web servers by IP but not by URL indicates DNS resolution is failing, requiring both TCP and UDP port 53 to be opened on the firewall.

Scanning Networks

Question

Employees in a company are no longer able to access Internet web sites on their computers. The network administrator is able to successfully ping IP address of web servers on the Internet and is able to open web sites by using an IP address in place of the URL. The administrator runs the response from the server. What should the administrator do next?

Options

  • AConfigure the firewall to allow traffic on TCP ports 53 and UDP port 53.
  • BConfigure the firewall to allow traffic on TCP ports 80 and UDP port 443.
  • CConfigure the firewall to allow traffic on TCP port 53.
  • DConfigure the firewall to allow traffic on TCP port 8080.

How the community answered

(37 responses)
  • A
    73% (27)
  • B
    8% (3)
  • C
    5% (2)
  • D
    14% (5)

Why each option

The ability to reach web servers by IP but not by URL indicates DNS resolution is failing, requiring both TCP and UDP port 53 to be opened on the firewall.

AConfigure the firewall to allow traffic on TCP ports 53 and UDP port 53.Correct

DNS uses UDP port 53 for standard queries and TCP port 53 for responses that exceed 512 bytes (such as DNSSEC or large records) as well as zone transfers. Opening both protocols on port 53 ensures complete DNS functionality. Since users can browse by IP but not by hostname, the firewall is blocking DNS lookups, and both transport protocols must be permitted for reliable name resolution.

BConfigure the firewall to allow traffic on TCP ports 80 and UDP port 443.

TCP port 80 is HTTP and TCP port 443 is HTTPS - these are web traffic ports, not DNS; opening them would not restore hostname resolution, and UDP 443 is QUIC, not standard HTTPS.

CConfigure the firewall to allow traffic on TCP port 53.

Opening only TCP port 53 is insufficient because DNS queries are predominantly sent over UDP port 53, so standard lookups would still be blocked.

DConfigure the firewall to allow traffic on TCP port 8080.

TCP port 8080 is an alternate HTTP proxy port and has no relation to DNS name resolution or the described symptom.

Concept tested: DNS port requirements TCP and UDP 53

Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/dns-over-tcp

Topics

#DNS#port 53#firewall rules#network troubleshooting

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice