(ISC)2(ISC)2
CISSP · Question #870
CISSP Question #870: Real Exam Question with Answer & Explanation
The correct answer is A: Integrity. DNSSEC signs DNS records cryptographically to ensure that DNS responses have not been tampered with, making integrity its primary goal.
Submitted by chen.hong· Mar 5, 2026Communication and Network Security
Question
What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records?
Options
- AIntegrity
- BConfidentiality
- CAccountability
- DAvailability
Explanation
DNSSEC signs DNS records cryptographically to ensure that DNS responses have not been tampered with, making integrity its primary goal.
Common mistakes.
- B. DNSSEC does not encrypt DNS query or response data, so it provides no confidentiality; DNS over HTTPS (DoH) or DNS over TLS (DoT) are the mechanisms used for that purpose.
- C. Accountability refers to tracking actions to specific users or entities; DNSSEC authenticates data origin but does not log or attribute user activity in any way.
- D. Availability concerns ensuring services remain accessible; DNSSEC does not protect against denial-of-service attacks and can actually introduce additional overhead that slightly impacts availability.
Concept tested. DNSSEC purpose and DNS data integrity
Reference. https://learn.microsoft.com/en-us/windows-server/networking/dns/dnssec-overview
Topics
#DNSSEC#DNS security#data integrity#network protocols
Community Discussion
No community discussion yet for this question.