nerdexam
EC-Council

312-50V11 · Question #827

is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

The correct answer is A. DNSSEC. DNSSEC is the DNS Security Extensions suite that uses public-key cryptography to provide origin authentication and integrity verification for DNS data, protecting against poisoning and spoofing attacks.

Footprinting and Reconnaissance

Question

is a set of extensions to DNS that provide the origin authentication of DNS data to DNS clients (resolvers) so as to reduce the threat of DNS poisoning, spoofing, and similar types of attacks.

Options

  • ADNSSEC
  • BResource records
  • CResource transfer
  • DZone transfer

How the community answered

(19 responses)
  • A
    95% (18)
  • B
    5% (1)

Why each option

DNSSEC is the DNS Security Extensions suite that uses public-key cryptography to provide origin authentication and integrity verification for DNS data, protecting against poisoning and spoofing attacks.

ADNSSECCorrect

DNSSEC, defined in IETF RFCs 4033-4035, extends DNS by adding digital signatures to resource records so that resolvers can cryptographically verify that responses originate from the authoritative source and have not been modified in transit. It directly mitigates DNS cache poisoning and spoofing by providing both data origin authentication and data integrity guarantees.

BResource records

Resource records are the fundamental data units stored in DNS zones (such as A, MX, and CNAME records) and are not a security extension or authentication mechanism.

CResource transfer

Resource transfer is not a defined standard DNS term or protocol; it does not correspond to any recognized DNS security or data-replication mechanism.

DZone transfer

Zone transfer (AXFR/IXFR) is a protocol for replicating DNS zone data from a primary to a secondary server and provides no cryptographic authentication or protection against spoofing.

Concept tested: DNSSEC origin authentication and DNS integrity protection

Source: https://www.ietf.org/rfc/rfc4033.txt

Topics

#DNSSEC#DNS security#DNS poisoning prevention#spoofing mitigation

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice