Users report that they are unable to reach the company website https://www.comptia.org. A systems administrator confirms the issue with the following command:
# curl https://www.comptia.org
curl: (7) Failed to connect to www.comptia.org port 443: No route to host
The administrator logs in to the company's web server to check its configuration and sees the following output:
root@comptia.org:~# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: dummy0 eth0
sources:
services: cockpit dhcpv6-client http ssh
ports: 3001/tcp
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="61.177.173.6" port port="ssh" protocol="tcp" reject type="icmp-port-unreachable"
rule family="ipv4" source address="185.143.45.164" port port="ssh" protocol="tcp" reject type="icmp-port-unreachable"
rule family="ipv4" source address="143.198.60.41" port port="ssh" protocol="tcp" reject type="icmp-port-unreachable"
root@comptia.org:~# ip route
default via 172.31.1.1 dev eth0 proto dhcp src 65.21.187.65 metric 100
10.0.6.0/24 dev dummy0 proto kernel scope link src 10.0.6.65 metric 550
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev br-28ac2eaeeca1 proto kernel scope link src 172.18.0.1
172.19.0.0/16 dev br-fb3897555ca3 proto kernel scope link src 172.19.0.1 linkdown
172.31.1.1 dev eth0 proto dhcp scope link src 65.21.187.65 metric 100
192.168.224.0/20 dev br-e949ab177d79 proto kernel scope link src 192.168.224.1 linkdown
192.168.240.0/20 dev br-6adf72ac0ae3 proto kernel scope link src 192.168.240.1 linkdown
Which of the following is causing the issue?
The curl error 'No route to host' (curl exit code 7, EHOSTUNREACH on the client) does not by itself mean a routing problem. It is also what a client sees when a packet filter rejects the connection with an ICMP host-prohibited message, which is what firewalld's default zone target does for traffic that matches no allow rule. A port that is reachable but has nothing listening gives 'Connection refused' instead, and a silent DROP produces a timeout, so the error text itself already points at a REJECT on the server.
The firewall-cmd --list-all output for the active public zone shows what the firewall allows in:
services: cockpit dhcpv6-client http ssh
ports: 3001/tcp
The https service (443/tcp) is absent from the services list, and 443/tcp is not listed under ports either.
Port 80 (http) and 3001/tcp are open, but nothing admits port 443, so HTTPS traffic is rejected by the firewall.
The routing table (ip route output) is correct: the default route goes to 172.31.1.1 via eth0, and the docker0 and br-* entries are container bridges that do not affect inbound traffic on eth0. This rules out option B.
Option A is incorrect because eth0 is up and configured (default via 172.31.1.1 dev eth0), so the network interface is not down.
Option D is misleading because the rich rules only reject SSH from three specific source addresses; they do not touch HTTPS traffic at all.
Fixing the Issue:
To allow HTTPS traffic, the administrator should enable the predefined https service in the firewall:
# firewall-cmd --add-service=https --permanent
# firewall-cmd --reload
This adds https (443/tcp) to the permanent configuration and reloads it into the running firewall. Without the --reload, a --permanent change is saved but not active until the next reload or restart.
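As an added example (not part of the original question or explanation), the following POSIX shell script checks a captured firewall-cmd --list-all zone listing for HTTPS reachability and prints the remediation commands when neither the https service nor an explicit 443/tcp port entry is present. The zone text is constructed from the output shown above; the script only parses text and never invokes firewall-cmd, so it runs anywhere.

```shell
#!/bin/sh
# Added example, not from the original page: decide from the text of
# `firewall-cmd --list-all` whether HTTPS (443/tcp) can reach the host,
# either through the predefined "https" service or an explicit port
# entry, and print the commands that open it when it is missing.

# Constructed sample: the active zone shown in the question.
SAMPLE_ZONE='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: dummy0 eth0
  sources:
  services: cockpit dhcpv6-client http ssh
  ports: 3001/tcp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
    rule family="ipv4" source address="61.177.173.6" port port="ssh" protocol="tcp" reject type="icmp-port-unreachable"'

# Print the value of the "<name>:" line read from stdin (first match only).
# Anchoring at line start keeps "source-ports:" from matching "ports:".
zone_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Print the zone name from the first line, e.g. "public".
zone_name() {
    printf '%s\n' "$1" | head -n 1 | cut -d' ' -f1
}

# Return 0 if the zone admits 443/tcp, 1 otherwise.  $1 = zone text.
https_allowed() {
    services=$(printf '%s\n' "$1" | zone_field services)
    ports=$(printf '%s\n' "$1" | zone_field ports)
    for s in $services; do
        if [ "$s" = "https" ]; then return 0; fi
    done
    for p in $ports; do
        if [ "$p" = "443/tcp" ]; then return 0; fi
    done
    return 1
}

# Print the firewall-cmd commands that open HTTPS in the zone, both in
# the running firewall and in the permanent configuration.  Prints
# nothing when the zone already allows it.  $1 = zone text.
remediation() {
    if https_allowed "$1"; then
        return 0
    fi
    zone=$(zone_name "$1")
    printf 'firewall-cmd --zone=%s --add-service=https\n' "$zone"
    printf 'firewall-cmd --zone=%s --add-service=https --permanent\n' "$zone"
}

remediation "$SAMPLE_ZONE"
```

The remediation applies the change to the runtime and permanent configuration separately, which is equivalent to the --permanent plus --reload sequence above without disrupting existing connections. On the real server the live equivalents of these checks are firewall-cmd --query-service=https (exit status 0 when allowed) and firewall-cmd --info-service=https (shows that the service maps to 443/tcp); after the fix, firewall-cmd --list-services should include https.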