nerdexam
ExamsSY0-301Questions#652
CompTIA

SY0-301 · Question #652

SY0-301 Question #652: Real Exam Question with Answer & Explanation

The correct answer is C: Secure zone transfers. Securing DNS zone transfers prevents attackers from querying DNS servers to enumerate all hostnames and IP addresses on a network.

Question

Which of the following should be implemented to stop an attacker from mapping out addresses and/or devices on a network?

Options

  • ASingle sign on
  • BIPv6
  • CSecure zone transfers
  • DVoIP

Explanation

Securing DNS zone transfers prevents attackers from querying DNS servers to enumerate all hostnames and IP addresses on a network.

Common mistakes.

  • A. Single sign-on is an authentication mechanism that consolidates login credentials and has no effect on network enumeration or DNS record exposure.
  • B. IPv6 changes the addressing scheme but does not inherently prevent network mapping; attackers can enumerate IPv6 addresses through other means.
  • D. VoIP is a voice communication protocol and is entirely unrelated to preventing network address or device discovery.

Concept tested. DNS zone transfer security and network enumeration prevention

Reference. https://learn.microsoft.com/en-us/windows-server/networking/dns/manage/zone-transfers

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SY0-301 Practice