nerdexam
ExamsCAS-001Questions#42
CompTIA

CAS-001 · Question #42

CAS-001 Question #42: Real Exam Question with Answer & Explanation

The correct answer is C: key company-key.{. Secure DNS zone transfers are implemented using TSIG (Transaction SIGnature), which uses a shared HMAC-based secret key to authenticate zone transfer requests. The correct primary DNS configuration (Option C) includes a 'key' block defining the TSIG key and an 'allow-transfer' di

Question

A company has a primary DNS server at address 192.168.10.53 and a secondary server at 192.168.20.53. An administrator wants to secure a company by only allowing secure zone transfers to the secondary server. Which of the following should appear in the primary DNS configuration file to accomplish this?

Options

  • Akey company-key.{
  • Bkey company-key.{
  • Ckey company-key.{
  • Dkey company-key.{

Explanation

Secure DNS zone transfers are implemented using TSIG (Transaction SIGnature), which uses a shared HMAC-based secret key to authenticate zone transfer requests. The correct primary DNS configuration (Option C) includes a 'key' block defining the TSIG key and an 'allow-transfer' directive that references the secondary server IP (192.168.20.53) combined with that key, ensuring only authenticated requests from the secondary server are honored. The other options represent incomplete or incorrect configurations of the TSIG key or allow-transfer directive.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CAS-001 Practice