nerdexam
EC-Council

312-50V13 · Question #294

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls. On whi

The correct answer is A. Port 53. DNS Tunneling with NSTX Port 53 is correct because it is the standard port for DNS (Domain Name System) traffic, and DNS tunneling tools like NSTX encapsulate data within DNS queries and responses to bypass firewalls - firewalls typically allow DNS traffic on Port 53 to pass free

Submitted by manish99· Mar 6, 2026Evading IDS, Firewalls, and Honeypots

Question

Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls. On which of the following ports should Robin run the NSTX tool?

Options

  • APort 53
  • BPort 23
  • CPort 50
  • DPort 80

How the community answered

(42 responses)
  • A
    88% (37)
  • B
    2% (1)
  • C
    2% (1)
  • D
    7% (3)

Explanation

DNS Tunneling with NSTX

Port 53 is correct because it is the standard port for DNS (Domain Name System) traffic, and DNS tunneling tools like NSTX encapsulate data within DNS queries and responses to bypass firewalls - firewalls typically allow DNS traffic on Port 53 to pass freely, making it an ideal covert channel for data exfiltration. Port 23 is associated with Telnet, Port 80 is used for HTTP web traffic, and Port 50 is linked to the Encapsulating Security Payload (ESP) protocol used in IPSec - none of these are relevant to DNS operations or NSTX functionality.

Memory Tip: Think "DNS = 53" - just remember that DNS tunneling hides inside normal DNS traffic, so it must run on the DNS port (53) to blend in and avoid detection. If you remember that DNS always uses Port 53, you'll always get DNS-related tool questions correct on the exam.

Topics

#DNS tunneling#Firewall evasion#Data exfiltration#Port 53#NSTX

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice