nerdexam
EC-Council

312-50V13 · Question #95

Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advan

The correct answer is C. Install DNS Anti-spoofing. To prevent DNS spoofing, which involves an attacker injecting false DNS responses, dedicated anti-spoofing measures are required.

Submitted by andres_qro· Mar 6, 2026System Hacking

Question

Let's imagine three companies (A, B and C), all competing in a challenging global environment. Company A and B are working together in developing a product that will generate a major competitive advantage for them. Company A has a secure DNS server while company B has a DNS server vulnerable to spoofing. With a spoofing attack on the DNS server of company B, company C gains access to outgoing e-mails from company B. How do you prevent DNS spoofing?

Options

  • AInstall DNS logger and track vulnerable packets
  • BDisable DNS timeouts
  • CInstall DNS Anti-spoofing
  • DDisable DNS Zone Transfer

How the community answered

(39 responses)
  • A
    5% (2)
  • B
    8% (3)
  • C
    69% (27)
  • D
    18% (7)

Why each option

To prevent DNS spoofing, which involves an attacker injecting false DNS responses, dedicated anti-spoofing measures are required.

AInstall DNS logger and track vulnerable packets

Installing a DNS logger and tracking packets helps detect and analyze spoofing attempts after they occur, but it does not actively prevent them.

BDisable DNS timeouts

Disabling DNS timeouts would likely cause operational issues and potentially make the server more vulnerable or unresponsive, rather than preventing spoofing.

CInstall DNS Anti-spoofingCorrect

Implementing DNS anti-spoofing techniques, such as DNSSEC (DNS Security Extensions) for cryptographic validation of DNS responses, source port randomization, and transaction ID randomization, is the most direct and effective way to prevent DNS spoofing attacks.

DDisable DNS Zone Transfer

Disabling DNS Zone Transfer prevents the unauthorized bulk retrieval of DNS records (reconnaissance), but it does not directly stop an attacker from injecting fraudulent DNS responses, which is the core of a spoofing attack.

Concept tested: DNS spoofing prevention

Source: https://learn.microsoft.com/en-us/windows-server/networking/dns/deploy/dnssec/dnssec-overview

Topics

#DNS spoofing#DNS security#anti-spoofing#DNSSEC

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice