SCS-C02 · Question #41
SCS-C02 Question #41: Real Exam Question with Answer & Explanation
Sign in or unlock SCS-C02 to reveal the answer and full explanation for question #41. The question stem and answer options stay visible for context.
Question
A company needs to implement DNS Security Extensions (DNSSEC) for a specific subdomain. The subdomain is already registered with Amazon Route 53. A security engineer has enabled DNSSEC signing and has created a key-signing key (KSK). When the security engineer tries to test the configuration, the security engineer receives an error for a broken trust chain. What should the security engineer do to resolve this error?
Options
- AReplace the KSK with a zone-signing key (ZSK).
- BDeactivate and then activate the KSK.
- CCreate a Delegation Signer (DS) record in the parent hosted zone.
- DCreate a Delegation Signer (DS) record in the subdomain.
Unlock SCS-C02 to see the answer
You've previewed enough free SCS-C02 questions. Unlock SCS-C02 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.