An organization wishes to provide better security for its name resolution services. Which of the following technologies BEST supports the deployment of DNSSEC at the organization?
PKI is part of the DNSSEC, as everyone has said it is required. But the question asks about providing better security for DNSSEC. PKI provides the authentication, while TLS provides the secure transmission?
Part of what makes the actual exam so difficult is the fact that there are multiple answers that could be correct. However, the "BEST" is what you should focus on. TLS is essentially the "new and improved" SSL, making it the "BEST" of the options.
I like provided answer.
In any case, you should be aware that the DNSSEConlyauthorizes name resolution; the data transmitted receives no protection. This means it’s essential to combine this technology with encrypted transmission protocols like TSL.
Reference
1. https://www.ionos.com/digitalguide/server/know-how/dnssec-internet-standards-for-authenticated-name-resolution/
It is a technology.. "A Public Key Infrastructure (PKI) is a group of technologies used to request, create, manage, store, distribute, and revoke digital certificates."
the answer is E. note, DNSSEC already has security measures to prevent against DNS cache poisoning. To provide better security, PKI is needed to attach signatures to DNS query responses.
I agree with you on this. It needs a certificate to do this and the only option available for this is PKI. I wish the moderators can commit to reviewing and updating the answers. The information on this site should be reliable enough
E. PKI.....My reasoning, is that when you are deploying something you are assigning something, which I believe is the PKI being assigned to DNSSec so that a TLS connection can then be made. Also, Public Key Infrastructure (PKI) is a technology for authenticating users and devices in the digital world.....TLS is a security protocol that provides privacy and data integrity over Internet communications. Just my thoughts.
"**supports** the deployment of DNSSEC". I interpreted this to mean, "yes, we're doing DNSSEC, but what goes best with it". Also, DNSSEC secures DNS at the application layer, but TLS will secure DNS at the underlying/supporting transport layer. I think these kinds of semantics really matter on this exam, which is a bit unfair
This is the question,
-Which of the following technologies BEST supports the deployment of DNSSEC at the organization?
so, how TLS\SSL would support the deployment?
from the GAGC book,
One of the primary methods of preventing DNS cache poisoning is with Domain Name System Security Extensions ( DNSSEC ). DNSSEC is a suite of extensions to DNS that provides validation for DNS responses. It adds a digital signature to each record that provides data integrity. If a DNS server receives a DNSSEC-enabled response with digitally signed records, the DNS server knows that the response is valid.
based on that DNSSEC uses digital signatures! so it needs PKI to be able to wrok with Digital Signatures
I agree that the answer should be (E), PKI.
"[DNSSEC] allows you to verify the responses that you’re getting from a DNS server. You can make sure that it’s really coming from the correct origin, and you can make sure the information that you’re receiving is exactly what was sent from the DNS server. DNSSEC does this using public key cryptography."
https://www.professormesser.com/security-plus/sy0-501/secure-protocols/
C - The question states "BETTER SECURITY for its name resolution" - PKI doesn't encrypt DNS records - it only adds a digital signature. TLS uses PKI certificates to authenticate parties communicating with each other. So TLS incorporates PKI. therefore when you use TLS you are using PKI as well. BETTER SECURITY.
This section is not available anymore. Please use the main Exam Page.SY0-501 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
JohnMArston54
Highly Voted 5 years, 2 months agop3n15okay
3 years, 9 months agoMohawk
Highly Voted 4 years, 2 months agoslackbot
Most Recent 5 months, 2 weeks agoboydmwanza
3 years, 10 months agodylanf6
3 years, 10 months agoDion79
3 years, 10 months agoamerigo
4 years, 2 months agosec__
4 years, 5 months agoNot_My_Name
4 years, 7 months agoShinyBluePen
4 years, 7 months agonakres64
4 years, 2 months agoDon_H
4 years, 9 months agoTeza
4 years, 8 months agoTeeTime87
4 years, 10 months agoavgeek63
4 years, 10 months agoHot_156
4 years, 10 months agoHot_156
4 years, 10 months agokdce
4 years, 11 months agoMeredith
4 years, 11 months agorenegade_xt
4 years, 11 months agoMelvinJohn
5 years agoandy_sunday
4 years, 12 months ago