CompTIA
CAS-002 Question #703: Real Exam Question with Answer & Explanation
The correct answer is A: Implement a split DNS, only allowing the external DNS server to contain information about. Split DNS separates internal and external DNS zones so that outside queries only reveal records for publicly accessible hosts, preventing enumeration of internal network topology.
Question
The security team for Company XYZ has determined that someone from outside the organization has obtained sensitive information about the internal organization by querying the external DNS server of the company. The security manager is tasked with making sure this problem does not occur in the future. How would the security manager address this problem?
Options
- A. Implement a split DNS, only allowing the external DNS server to contain information about
- B. Implement a split DNS, only allowing the external DNS server to contain information about
- C. Implement a split DNS, only allowing the external DNS server to contain information about
- D. Implement a split DNS, only allowing the internal DNS server to contain information about
Explanation
Split DNS separates internal and external DNS zones so that outside queries only reveal records for publicly accessible hosts, preventing enumeration of internal network topology.
Common mistakes.
- B. This choice continues exposing more information than necessary on the external DNS server, failing to resolve the information leakage problem the security manager was tasked to fix.
- C. Restricting only the internal DNS server does not address the root cause, since it is the external DNS server being queried by outsiders that is leaking sensitive organizational data.
- D. Placing information only on the internal DNS server without also limiting the external DNS server to public records leaves the external server able to expose sensitive details to outside queries.
Concept tested. Split DNS configuration to prevent external information leakage
Reference. https://learn.microsoft.com/en-us/windows-server/networking/dns/deploy/split-brain-dns-deployment