nerdexam
F5

101 · Question #451

Select the key question you would use to ask your customer related to DNS attacks?

The correct answer is D. How do you secure your DNS infrastructure against attacks?. The most effective DNS security discovery question is broad and open-ended, prompting the customer to reveal their full security posture rather than confirming a single control.

Section 4: Security Basics

Question

Select the key question you would use to ask your customer related to DNS attacks?

Options

  • ADo you over-provision your DNS infrastructure?
  • BDo you regularly update BIND or some other DNS application to the latest release?
  • CDo you rely on your network firewall to protect your DNS server?
  • DHow do you secure your DNS infrastructure against attacks?

How the community answered

(18 responses)
  • B
    6% (1)
  • D
    94% (17)

Why each option

The most effective DNS security discovery question is broad and open-ended, prompting the customer to reveal their full security posture rather than confirming a single control.

ADo you over-provision your DNS infrastructure?

Asking about over-provisioning addresses capacity and availability planning, not security hardening or attack mitigation strategy.

BDo you regularly update BIND or some other DNS application to the latest release?

Asking only about BIND patching is too narrow - it confirms one specific operational practice without surfacing the broader DNS security posture.

CDo you rely on your network firewall to protect your DNS server?

Asking whether the customer relies solely on a network firewall implies a specific single-control strategy rather than opening a dialogue about comprehensive DNS defense.

DHow do you secure your DNS infrastructure against attacks?Correct

Asking 'How do you secure your DNS infrastructure against attacks?' opens a comprehensive consultative dialogue about the customer's entire DNS security strategy. It invites the customer to reveal gaps across patching, architecture, monitoring, and access controls simultaneously. This broad framing is the foundation of a security discovery conversation and uncovers opportunities a narrow question would miss.

Concept tested: Consultative DNS security discovery questioning

Source: https://www.cisa.gov/news-events/alerts/2019/01/16/dns-infrastructure-tampering

Topics

#DNS attacks#DNS security#security assessment#customer discovery

Community Discussion

No community discussion yet for this question.

Full 101 Practice