312-50V10 · Question #131
_________ is a set of extensions to DNS that provide to DNS clients (resolvers) origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attacks types.
The correct answer is A. DNSSEC. DNSSEC (DNS Security Extensions) adds cryptographic authentication to DNS responses to protect against poisoning and spoofing attacks.
Question
_________ is a set of extensions to DNS that provide to DNS clients (resolvers) origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attacks types.
Options
- ADNSSEC
- BResource records
- CResource transfer
- DZone transfer
How the community answered
(31 responses)- A90% (28)
- B3% (1)
- C3% (1)
- D3% (1)
Why each option
DNSSEC (DNS Security Extensions) adds cryptographic authentication to DNS responses to protect against poisoning and spoofing attacks.
DNSSEC is an IETF standard suite of extensions that uses digital signatures and public-key cryptography to allow DNS resolvers to verify the authenticity and integrity of DNS responses. It provides origin authentication of DNS data, ensuring that records have not been tampered with in transit. This directly mitigates DNS cache poisoning and spoofing attacks.
Resource records are individual DNS data entries (A, MX, CNAME, etc.) - they are the data that DNSSEC protects, not the security mechanism itself.
Resource transfer is not a defined DNS standard or protocol - it is not a real DNS term.
Zone transfer (AXFR/IXFR) is a mechanism for replicating DNS zone data between servers, not a security extension for authenticating DNS responses.
Concept tested: DNSSEC origin authentication and DNS security
Source: https://learn.microsoft.com/en-us/windows-server/networking/dns/deploy/dnssec
Topics
Community Discussion
No community discussion yet for this question.