CompTIA Security+ Question D-60

Which of the following firewall rules only denies DNS zone transfers?

A. deny udp any any port 53
B. deny ip any any
C. deny tcp any any port 53
D. deny all dns packets

Answer: C

DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers.