CompTIA XK0-006 Exam - Topic 2 Question 3 Discussion

Actual exam question for CompTIA's XK0-006 exam

Question #: 3
Topic #: 2

A Linux administrator is testing a web application on a laboratory service and needs to temporarily allow DNS and HTTP/HTTPS traffic from the internal network. Which of the following commands will accomplish this task?

Afirewalld -- add-service=dns, http,https -- zone=internal

Biptables -- enable-service='dns|http|https' -- zone=internal

Cfirewall-cmd --add-service={dns, http, https} --zone=internal

Dsystemctl mask firewalld --for={dns, http, https} --zone=internal

Show Suggested Answer

Suggested Answer: C

Comprehensive and Detailed Explanation From Exact Extract:

The correct way to temporarily allow specific services in a particular zone with firewalld is to use firewall-cmd --add-service=service --zone=zone. Multiple services can be specified in curly braces and separated by commas. The correct syntax is:

bash

CopyEdit

firewall-cmd --add-service={dns,http,https} --zone=internal

This command will allow DNS (port 53), HTTP (port 80), and HTTPS (port 443) through the firewall for the 'internal' zone temporarily (for the current runtime session).

Other options:

A . The command syntax is incorrect; firewalld is a service, not a command-line tool.

B . iptables does not use the --enable-service flag, nor does it have zones in this way.

D . systemctl mask disables services, and the rest of the command is invalid.

CompTIA Linux+ Study Guide: Exam XK0-006, Sybex, Chapter 9: 'Networking', Section: 'Managing Firewalls with firewalld'

CompTIA Linux+ XK0-006 Objectives, Domain 2.0: Networking

===========

by Rene at Mar 31, 2026, 02:24 AM

Limited Time Offer

25%

2 months ago

I think the command should be related to firewalld since it's commonly used in modern Linux systems, but I'm not sure about the exact syntax.

upvoted 0 times

...