During a routine audit, the engineering team found suspicious entries in name resolution logs, resulting in misdirection to harmful sites even when employees use correct addresses. Which step best addresses the underlying issue and helps keep record integrity intact going forward?
Require password changes for all employees
Enable captive portal login for guest connections
Perform periodic restarts of domain controllers
Deploy cryptographic verification for domain entries
Deploying cryptographic verification for domain entries (sometimes referred to as DNSSEC) uses digital signatures to protect name resolution data from unauthorized changes. Requiring password changes does not fix altered name resolution information. Captive portals are unrelated to the integrity of domain data and do not remove misdirection. Performing periodic restarts of domain controllers does not eliminate tampered data propagated to other resolvers.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is DNSSEC and why is it important?
Open an interactive chat with Bash
How does cryptographic verification protect DNS records?