XK0-005 Question #354: Real Exam Question with Answer & Explanation
The correct answer is D: Use the firewalld command to open tcp/80 both with and without the -permanent switch. This question addresses a common issue where firewall rules added without persistence are lost after a system reboot or kernel update.
Question
A network administrator installed a web server on a Linux host and added a firewalld command to open port tcp/80. The web server worked without error until an updated and patched kernel was installed on the system a month later. Now users are unable to access the web server even though the service is running. Which of the following would fix the issue?
Options
- A. Use the firewalld command to open the HTTP application service rather than the port.
- B. Change the firewalld zone to private and open port tcp/80.
- C. Issue an additional firewalld command to open up port tcp/443 as well as port tcp/80.
- D. Use the firewalld command to open tcp/80 both with and without the -permanent switch.
Explanation
This question addresses a common issue where firewall rules added without persistence are lost after a system reboot or kernel update.
Common mistakes.
- A. While opening the HTTP service is a good practice, it doesn't address the core problem of lost runtime rules after a reboot or update.
- B. Changing the firewalld zone might alter the scope of rules but does not fix the issue of rules not persisting after a reboot or firewalld restart.
- C. Opening port tcp/443 (HTTPS) is for secure web traffic, not HTTP, and is unrelated to the issue of the tcp/80 rule being lost.
Concept tested. Firewalld persistent rules
Reference. https://firewalld.org/documentation/man-pages/firewall-cmd.html
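An added example, not part of the original question or its explanation: a shell check that compares a zone's runtime port list with its permanent one, so a rule that exists only at runtime (like the tcp/80 rule here) is found before a reboot drops it. The function names and the `public` zone in the comments are assumptions; the `firewall-cmd` options are written with their real double-dash spelling (`--permanent`, `--zone`, `--list-ports`, `--add-port`).

```shell
#!/bin/sh
# Report firewalld ports that are open only at runtime or only in the
# permanent (on-disk) configuration of a zone.

# port_drift RUNTIME PERMANENT
# Each argument is a space-separated port list in the format printed by
# `firewall-cmd --list-ports`, for example "80/tcp 443/tcp".
port_drift() {
    # Unquoted echo collapses newlines and repeated blanks to single spaces.
    runtime=$(echo $1)
    permanent=$(echo $2)
    for p in $runtime; do
        case " $permanent " in
            *" $p "*) ;;                      # present in both: survives a reboot
            *) echo "runtime-only $p" ;;      # lost on reboot or firewalld restart
        esac
    done
    for p in $permanent; do
        case " $runtime " in
            *" $p "*) ;;
            *) echo "permanent-only $p" ;;    # not active until firewalld reloads
        esac
    done
}

# audit_zone ZONE
# Compare the live and the permanent port lists of one zone (needs firewalld).
audit_zone() {
    port_drift "$(firewall-cmd --zone="$1" --list-ports)" \
               "$(firewall-cmd --permanent --zone="$1" --list-ports)"
}

# Run the audit only when a zone name is given, e.g.:  sh drift.sh public
if [ $# -gt 0 ]; then
    audit_zone "$1"
fi

# Answer D expressed as commands (assumed zone: public):
#   firewall-cmd --zone=public --add-port=80/tcp               # runtime, takes effect now
#   firewall-cmd --permanent --zone=public --add-port=80/tcp   # saved, survives a reboot
```

A line starting with `runtime-only` is the condition the question describes: the port works today and disappears at the next reboot or firewalld restart.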