SY0-501 · Question #6
SY0-501 Question #6: Real Exam Question with Answer & Explanation
The correct answer is C: TLS. DNSSEC relies on cryptographic signing and validation of DNS records to ensure integrity and authenticity, and TLS provides the underlying transport security that best supports secure DNS deployments.
Question
An organization wishes to provide better security for its name resolution services. Which of the following technologies BEST supports the deployment DNSSEC at the organization?
Options
- ALDAP
- BTPM
- CTLS
- DSSL
- EPW
Explanation
DNSSEC relies on cryptographic signing and validation of DNS records to ensure integrity and authenticity, and TLS provides the underlying transport security that best supports secure DNS deployments.
Common mistakes.
- A. LDAP (Lightweight Directory Access Protocol) is used for directory services and authentication lookups, not for securing DNS name resolution or supporting DNSSEC deployment.
- B. TPM (Trusted Platform Module) is a hardware-based security chip used for storing cryptographic keys and ensuring platform integrity, but it does not directly support DNSSEC deployment for name resolution.
- D. SSL (Secure Sockets Layer) is a deprecated predecessor to TLS with known vulnerabilities and is no longer considered a best practice for securing communications, making TLS the preferred choice.
- E. PW (Password) is a basic authentication mechanism that does not provide the cryptographic transport security or integrity verification needed to support DNSSEC deployment.
Concept tested. Securing DNS with DNSSEC and transport layer encryption
Reference. https://learn.microsoft.com/en-us/windows-server/networking/dns/dnssec-overview
Community Discussion
No community discussion yet for this question.