Which statements about a zone transfer are correct?

Study for the EC-Council Certified Ethical Hacker (CEH) v13 Exam. Utilize flashcards and multiple-choice questions with helpful hints and detailed explanations. Excel in your exam preparation!

Multiple Choice

Which statements about a zone transfer are correct?

Explanation:
Zone transfers are a DNS mechanism for replicating zone data from one DNS server to another. In a full transfer (AXFR), the transfer includes all resource records for the zone, which is why a zone transfer can reveal the entire zone’s information to the receiving server. These transfers happen using the DNS protocol over TCP port 53 to ensure reliable delivery; blocking inbound TCP traffic on port 53 can prevent them, which is a common defense in securing DNS servers. Normal DNS queries use UDP on port 53, but the actual transfer of zone data relies on TCP, so blocking that TCP path stops the transfer. Zone transfers involve DNS, and they can be restricted or blocked with appropriate firewall rules, unlike options that imply UDP-only transfers, no DNS involvement, or partial data transfers.

