CISSP · Question #777
CISSP Question #777: Real Exam Question with Answer & Explanation
The correct answer is D: Limit zone transfers to authorized devices.
Question
From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?
Options
- A. Configure secondary servers to use the primary server as a zone forwarder.
- B. Block all Transmission Control Protocol (TCP) connections.
- C. Disable all recursive queries on the name servers.
- D. Limit zone transfers to authorized devices.
Explanation
From a security perspective, the best practice to configure a DNS system is to limit zone transfers to authorized devices. A zone transfer is the process of replicating DNS data from one server to another, usually from a primary server to a secondary server. Zone transfers can expose sensitive information about the network topology, hosts, and services to attackers, who can use this information to launch further attacks. Therefore, zone transfers should be restricted to only the devices that need them, and they should be authenticated and encrypted to prevent unauthorized access or modification.
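The restriction described above, as an added example that is not part of the original page: a Python check that reads a BIND-style `named.conf` fragment and reports which zones allow transfers to anyone, to address-listed peers only, or to authenticated peers. The BIND syntax, zone names, key name and addresses are assumptions, and the sample configuration is constructed.

```python
import re

# Constructed sample: BIND-style syntax is an assumption; zone names, key name
# and addresses are illustrative only.
SAMPLE_CONF = '''
key "xfer-key" { algorithm hmac-sha256; secret "PLACEHOLDER"; };
zone "open.example"   { type primary; file "open.db"; allow-transfer { any; }; };
zone "unset.example"  { type primary; file "unset.db"; };
zone "iponly.example" { type primary; file "ip.db"; allow-transfer { 192.0.2.53; }; };
zone "good.example"   { type primary; file "good.db";
                        allow-transfer { key "xfer-key"; }; };
zone "off.example"    { type primary; file "off.db"; allow-transfer { none; }; };
'''

def zone_blocks(conf):
    """Yield (zone name, body) pairs, tracking nested braces.
    Braces inside comments or quoted strings are not handled."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit_zone(body):
    """Classify one zone by who may request a transfer of it."""
    m = re.search(r'allow-transfer[^{;]*\{([^}]*)\}', body)
    if m is None:
        return "REVIEW: no allow-transfer in zone, inherited setting applies"
    entries = [e.strip() for e in m.group(1).split(";") if e.strip()]
    if "any" in entries:
        return "FAIL: any host may transfer the zone"
    if entries == ["none"]:
        return "OK: transfers disabled"
    if entries and all(e.startswith("key ") for e in entries):
        # TSIG authenticates the peer; it does not encrypt the transfer.
        return "OK: only TSIG-keyed peers"
    return "WARN: address-only ACL, peers not authenticated"

def audit(conf):
    return {name: audit_zone(body) for name, body in zone_blocks(conf)}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_CONF).items():
        print(f"{name:16} {verdict}")
```

A zone with no `allow-transfer` of its own is marked for review rather than passed, because the effective setting then comes from the enclosing options or the server default.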