A Chief Information Security Officer wants to ensure the organization is validating and checking the integrity of zone transfers. Which of the following solutions should be implemented?
A zone file is a text-based file with a format defined in RFC 1035 and 1034 and is stored on a DNS server (name server). Zone files contain the IP and name data, MX records and other service records. They also contain glue data that connects them to the other DNS servers. The default behavior for DNS zone transfer permits any host to request and receive a full zone transfer for a Domain. This is a security issue since DNS data can be used to decipher the topology of a company’s network. The information obtained can be used for malicious exploitation such as DNS poisoning/spoofing. This is like an anonymous person calling the receptionist to request and receive the entire company’s telephone and address book.
https://www.giac.org/paper/gsec/2668/securing-dns-zone-transfer/104562
DNSSEC is a suite of extensions to DNS that provides validation for DNS responses. It adds a Resource Record Signature (RRSIG), commonly referred to as a digital signature, to each record. The RRSIG provides data integrity and authentication for DNS replies. If a DNS server receives a DNSSEC-enabled response with digitally signed records, the DNS server knows that the response is valid.
DNSSEC (Domain Name System Security Extensions) is a suite of extensions to DNS that adds an extra layer of security to the DNS infrastructure. One of the key features of DNSSEC is to provide a mechanism for validating and checking the integrity of zone transfers between DNS servers. It helps to prevent DNS spoofing and other attacks that can occur during zone transfers by ensuring the authenticity and integrity of DNS data. By implementing DNSSEC, the organization can enhance the security of its DNS infrastructure and protect against potential attacks that might exploit vulnerabilities in zone transfers.
"Domain Name System Security Extensions (DNSSEC) A suite of security extensions proposed and used by the US government and other entities that allows for secure DNS queries and zone transfers. DNSSEC provides the capability to authenticate DNS information from known and trusted servers."
-Mike Meyers Security+ Certification Guide SY0-601 Third Edition
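The RRSIG record mentioned in the comments above carries a validity window, a signer name and a label count that a validator checks before it verifies the signature itself. The following is an added example, not code from the page or any commenter: it parses an RRSIG in RFC 4034 presentation format and runs those pre-checks. The record in `SAMPLE` is constructed, its signature bytes are a placeholder, and no cryptographic verification is performed.

```python
import base64
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample record; the signature field is placeholder bytes, not a real signature.
SAMPLE = ("www.example.com. 3600 IN RRSIG A 13 3 3600 20240201000000 "
          "20240101000000 12345 example.com. Y29uc3RydWN0ZWQ=")

@dataclass
class Rrsig:
    owner: str
    type_covered: str
    algorithm: int
    labels: int
    original_ttl: int
    expiration: datetime
    inception: datetime
    key_tag: int
    signer: str
    signature: bytes

def parse_time(field):
    """RFC 4034 section 3.2 timestamp: YYYYMMDDHHmmSS, always UTC."""
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_rrsig(line):
    """Parse one RRSIG record in zone-file presentation format."""
    tokens = line.replace("(", " ").replace(")", " ").split()
    rdata = tokens[tokens.index("RRSIG") + 1:]
    if len(rdata) < 9:
        raise ValueError("truncated RRSIG rdata")
    return Rrsig(tokens[0].lower(), rdata[0], int(rdata[1]), int(rdata[2]),
                 int(rdata[3]), parse_time(rdata[4]), parse_time(rdata[5]),
                 int(rdata[6]), rdata[7].lower(),
                 base64.b64decode("".join(rdata[8:]), validate=True))

def rrsig_problems(sig, now):
    """Pre-checks a validator makes before verifying the signature itself."""
    problems = []
    if now < sig.inception:
        problems.append("not yet valid")
    if now > sig.expiration:
        problems.append("expired")
    if sig.owner != sig.signer and not sig.owner.endswith("." + sig.signer):
        problems.append("owner outside signer zone")
    owner_labels = [l for l in sig.owner.rstrip(".").split(".") if l and l != "*"]
    if sig.labels > len(owner_labels):
        problems.append("labels field exceeds owner name")
    return problems

if __name__ == "__main__":
    print(rrsig_problems(parse_rrsig(SAMPLE), datetime.now(timezone.utc)))
```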
okay123 (Highly Voted, 2 years, 9 months ago)
rodwave (Highly Voted, 2 years, 7 months ago)
LordJaraxxus (Most Recent, 1 year, 3 months ago)
ApplebeesWaiter1122 (1 year, 11 months ago)
LeonardSnart (2 years, 1 month ago)
comeragh (2 years, 8 months ago)
gen2dee (2 years, 9 months ago)