nerdexam
Exams101Questions#463
F5

101 · Question #463

101 Question #463: Real Exam Question with Answer & Explanation

The correct answer is A: How do you secure you DNS infrastructure against attacks?. When assessing a customer's DNS security posture, the most effective discovery question is open-ended and covers the full scope of their security strategy rather than a single tactical control.

Section 4: Security Basics

Question

Select the question you would ask your customer related to DNS attacks. Based on the material, choose the most appropriate question.

Options

  • AHow do you secure you DNS infrastructure against attacks?
  • BDo you rely on your network firewall to protect you DNS server?
  • CDo you over-provision your DNS infrastructure?
  • DDo you regularly update BIND or some other DNS application to the latest release?

Explanation

When assessing a customer's DNS security posture, the most effective discovery question is open-ended and covers the full scope of their security strategy rather than a single tactical control.

Common mistakes.

  • B. Asking only about firewall protection is too narrow because network firewalls do not address DNS-specific attack vectors such as cache poisoning, DNS amplification, or zone transfer exploitation.
  • C. Over-provisioning is a capacity strategy that may reduce impact from volumetric attacks but is not a security control and does not address non-volumetric DNS threats like spoofing or hijacking.
  • D. Keeping DNS software patched is a single tactical hygiene measure and does not reveal the breadth of the customer's overall DNS security posture or strategy.

Concept tested. DNS security posture discovery questioning

Reference. https://www.cisa.gov/news-events/alerts/2019/01/24/dns-infrastructure-tampering

Topics

#DNS attacks#DNS security#customer discovery

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 101 Practice