CISSP · Question #777
From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?
The correct answer is D. Limit zone transfers to authorized devices.. From a security perspective, the best practice to configure a DNS system is to limit zone transfers to authorized devices. Zone transfers are the processes of replicating the DNS data from one server to another, usually from a primary server to a secondary server. Zone transfers
Question
Options
- AConfigure secondary servers to use the primary server as a zone forwarder.
- BBlock all Transmission Control Protocol (TCP) connections.
- CDisable all recursive queries on the name servers.
- DLimit zone transfers to authorized devices.
How the community answered
(66 responses)- A3% (2)
- B2% (1)
- C5% (3)
- D91% (60)
Explanation
From a security perspective, the best practice to configure a DNS system is to limit zone transfers to authorized devices. Zone transfers are the processes of replicating the DNS data from one server to another, usually from a primary server to a secondary server. Zone transfers can expose sensitive information about the network topology, hosts, and services to attackers, who can use this information to launch further attacks. Therefore, zone transfers should be restricted to only the devices that need them, and authenticated and encrypted to prevent unauthorized access or modification.
Topics
Community Discussion
No community discussion yet for this question.