nerdexam
EC-Council

312-50V11 · Question #131

312-50V11 Question #131: Real Exam Question with Answer & Explanation

The correct answer is A. DNSSEC. DNSSEC is the set of IETF extensions that adds cryptographic signatures to DNS records, enabling resolvers to verify data authenticity and integrity against poisoning and spoofing.

Scanning Networks

Question

_________ is a set of extensions to DNS that provide to DNS clients (resolvers) origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attacks types.

Options

  • ADNSSEC
  • BResource records
  • CResource transfer
  • DZone transfer

Explanation

DNSSEC is the set of IETF extensions that adds cryptographic signatures to DNS records, enabling resolvers to verify data authenticity and integrity against poisoning and spoofing.

Common mistakes.

  • B. Resource records (A, MX, CNAME, etc.) are the standard data entries stored in DNS zones; they carry information but provide no authentication or security mechanism on their own.
  • C. Resource transfer is not a recognized DNS protocol or specification; it does not describe any real DNS security or data-transfer mechanism.
  • D. Zone transfer (AXFR/IXFR) is a replication mechanism that copies DNS zone data from a primary to a secondary server and is not related to authenticating DNS responses for clients.

Concept tested. DNSSEC origin authentication against DNS spoofing and poisoning

Reference. https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en

Topics

#DNSSEC#DNS security#DNS poisoning prevention#origin authentication

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-50V11 Practice
is a set of extensions to DNS that provide to DNS clients... | 312-50V11 Q#131 Answer | NerdExam