During a security review, a team discovers that an intruder altered domain address data in resource records, allowing them to divert traffic to a malicious portal. Which measure best reduces the chance of a similar event recurring?
Use longer refresh times on domain data
Restrict local subnets with address filtering
Shut down additional subdomains under the main domain
Implement domain signature validation for resource records
Signature-based verification methods, such as DNSSEC, use cryptographic validation that helps deter modification of resource record data. This step mitigates tampering attempts by verifying the authenticity of the entries. Other options may offer partial security improvements or address different risks, but they do not prevent an attacker from altering address data in the same manner.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is DNSSEC, and how does it prevent tampering with resource records?
Open an interactive chat with Bash
What is DNS cache poisoning, and how does it relate to altered resource records?
Open an interactive chat with Bash
Are there any limitations or challenges when implementing DNSSEC?