nerdexam
EC-Council

312-50V13 · Question #109

As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security?

The correct answer is B. Harden DNS servers C. Use split-horizon operation for DNS servers D. Restrict Zone transfers E. Have subnet diversity between DNS servers. Ensuring DNS security involves a multifaceted approach including hardening servers, using architectural segregation, restricting data exposure, and improving resilience.

Submitted by carlos_mx· Mar 6, 2026Vulnerability Analysis

Question

As a securing consultant, what are some of the things you would recommend to a company to ensure DNS security?

Options

  • AUse the same machines for DNS and other applications
  • BHarden DNS servers
  • CUse split-horizon operation for DNS servers
  • DRestrict Zone transfers
  • EHave subnet diversity between DNS servers

How the community answered

(22 responses)
  • A
    18% (4)
  • B
    82% (18)

Why each option

Ensuring DNS security involves a multifaceted approach including hardening servers, using architectural segregation, restricting data exposure, and improving resilience.

AUse the same machines for DNS and other applications

Using the same machines for DNS and other applications increases the attack surface and potential for compromise; it is a poor security practice.

BHarden DNS serversCorrect

Hardening DNS servers involves applying security updates, configuring least privilege, removing unnecessary services, and securing the operating system, significantly reducing the attack surface.

CUse split-horizon operation for DNS serversCorrect

Using split-horizon DNS (also known as split-brain DNS) involves maintaining separate DNS views for internal and external networks, preventing internal network information from being exposed to the internet.

DRestrict Zone transfersCorrect

Restricting zone transfers prevents unauthorized parties from enumerating all hostnames and IP addresses within a domain, which could be used for targeted attacks.

EHave subnet diversity between DNS serversCorrect

Having subnet diversity between DNS servers, often achieved by deploying them in different network segments or availability zones, enhances resilience against network-based attacks and outages.

Concept tested: DNS security best practices

Source: https://learn.microsoft.com/en-us/windows-server/networking/dns/what-is-dns

Topics

#DNS security#split-horizon DNS#zone transfer restriction#server hardening

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice