ANS-C01 · Question #190
ANS-C01 Question #190: Real Exam Question with Answer & Explanation
Sign in or unlock ANS-C01 to reveal the answer and full explanation for question #190. The question stem and answer options stay visible for context.
Question
An ecommerce company needs to implement additional security controls on all its domain names that are hosted in Amazon Route 53. The company's new policy requires data authentication and data integrity verification for all queries to the company's domain names. The current Route 53 architecture has four public hosted zones. A network engineer needs to implement DNS Security Extensions (DNSSEC) signing and validation on the hosted zones. The solution must include an alert capability. Which combination of steps will meet these requirements? (Choose three.)
Options
- AEnable DNSSEC signing for Route 53 Request that Route 53 create a key-signing key (KSK)
- BEnable DNSSEC signing for Route 53 Request that Route 53 create a zone-signing key (ZSK)
- CCreate a chain of trust for the hosted zones by adding a Delegation Signer (DS) record for each
- DCreate a chain of trust for the hosted zones by adding a Delegation Signer (DS) record to the
- ESet up an Amazon CloudWatch alarm that provides an alert whenever a DNSSECInternalFailure
- FSet up an AWS CloudTrail alarm that provides an alert whenever a DNSSECInternalFailure error
Unlock ANS-C01 to see the answer
You've previewed enough free ANS-C01 questions. Unlock ANS-C01 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.