312-50V13 · Question #95
Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advan
The correct answer is C. Install DNS Anti-spoofing. To prevent DNS spoofing, which involves an attacker injecting false DNS responses, dedicated anti-spoofing measures are required.
Question
Options
- AInstall DNS logger and track vulnerable packets
- BDisable DNS timeouts
- CInstall DNS Anti-spoofing
- DDisable DNS Zone Transfer
How the community answered
(39 responses)- A5% (2)
- B8% (3)
- C69% (27)
- D18% (7)
Why each option
To prevent DNS spoofing, which involves an attacker injecting false DNS responses, dedicated anti-spoofing measures are required.
Installing a DNS logger and tracking packets helps detect and analyze spoofing attempts after they occur, but it does not actively prevent them.
Disabling DNS timeouts would likely cause operational issues and potentially make the server more vulnerable or unresponsive, rather than preventing spoofing.
Implementing DNS anti-spoofing techniques, such as DNSSEC (DNS Security Extensions) for cryptographic validation of DNS responses, source port randomization, and transaction ID randomization, is the most direct and effective way to prevent DNS spoofing attacks.
Disabling DNS Zone Transfer prevents the unauthorized bulk retrieval of DNS records (reconnaissance), but it does not directly stop an attacker from injecting fraudulent DNS responses, which is the core of a spoofing attack.
Concept tested: DNS spoofing prevention
Source: https://learn.microsoft.com/en-us/windows-server/networking/dns/deploy/dnssec/dnssec-overview
Topics
Community Discussion
No community discussion yet for this question.