A Linux administrator is hardening a new web server. The administrator needs to configure the system's firewalld service to allow incoming HTTPS traffic. Following best practices for clarity and future maintenance, which of the following commands should the administrator use to permanently open the necessary access?
The correct command is sudo firewall-cmd --permanent --zone=public --add-service=https. Using --add-service=https is the best practice for standard services because it is more descriptive and maintainable than specifying the port number directly. The service definition file (https.xml) maps the service name to its standard port (443) and protocol (tcp). Using --add-port=443/tcp works, but it is less descriptive. The command sudo firewall-cmd --add-service=https is incorrect because it lacks the --permanent flag, meaning the rule would not persist after a reboot or firewall reload. The command sudo firewall-cmd --permanent --zone=public --add-port=https/tcp is syntactically incorrect because the --add-port option requires a numeric port number, not a service name.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is firewalld in Linux?
Open an interactive chat with Bash
Why is using --add-service preferred over --add-port?
Open an interactive chat with Bash
What does the --permanent flag do in firewall-cmd?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access