CompTIA
CAS-002 · Question #303
CAS-002 Question #303: Real Exam Question with Answer & Explanation
The correct answer is B: Authentication. DNSSEC uses cryptographic digital signatures to verify that DNS responses are authentic and have not been tampered with, satisfying authentication and integrity goals.
Question
A system administrator needs to meet the maximum amount of security goals for a new DNS infrastructure. The administrator deploys DNSSEC extensions to the domain names and infrastructure. Which of the following security goals does this meet? (Select TWO).
Options
- AAvailability
- BAuthentication
- CIntegrity
- DConfidentiality
- EEncryption
Explanation
DNSSEC uses cryptographic digital signatures to verify that DNS responses are authentic and have not been tampered with, satisfying authentication and integrity goals.
Common mistakes.
- A. DNSSEC does not improve availability - it adds validation overhead and does not address uptime, redundancy, or resilience against denial-of-service attacks.
- D. DNSSEC does not provide confidentiality because DNS queries and responses remain in plaintext; it only signs records, it does not encrypt them.
- E. DNSSEC uses digital signatures for validation purposes, not encryption - the DNS data itself is not encrypted, so confidentiality of the query or response content is not achieved.
Concept tested. DNSSEC security properties - authentication and integrity
Reference. https://www.rfc-editor.org/rfc/rfc4033
Community Discussion
No community discussion yet for this question.