A company wants to host a publicity available server that performs the following functions:
+Evaluates MX record lookup
+Can perform authenticated requests for A and AAA records
+Uses RRSIG
Which of the following should the company use to fulfill the above requirements?
A.
LDAPS
B.
DNSSEC
C.
SFTP
D.
nslookup
E.
dig
Hi!
I have checked all SY0-501 exam questions here, a lot of wrong answers,
and,
many questions about new SY0-501 exam objectives are missed,
I do recommend you to learn the latest 2018 new SY0-501 dumps here:
http://www.comptiadump.com/category/comptia-security-plus-certification/sy0-501-exam-dumps
(WRONG ANSWERS HAVE BEEN CORRECTED)
Good luck!!!
5
2,605
Or,
here you can get the SY0-501 exam passing comments here:
https://www.gratisexam.com/comptia/sy0-501-exam/
(Reading the FB comments there)
Good luck, all!!!
1
15
I cant see any reason why LDAPS should be the right answer. As all hints are pointing to Secure DNS (DNSSEC):
DNSSEC creates a secure domain name system by adding cryptographic signatures to existing DNS records. These digital signatures are stored in DNS name servers alongside common record types like A, AAAA, MX, CNAME, etc. By checking its associated signature, you can verify that a requested DNS record comes from its authoritative name server and wasn’t altered en-route, opposed to a fake record injected in a man-in-the-middle attack.
To facilitate signature validation, DNSSEC adds a few new DNS record types:
RRSIG – Contains a cryptographic signature
DNSKEY – Contains a public signing key
DS – Contains the hash of a DNSKEY record
NSEC and NSEC3 – For explicit denial-of-existence of a DNS record
CDNSKEY and CDS – For a child zone requesting updates to DS record(s) in the parent zone.
https://www.cloudflare.com/dns/dnssec/how-dnssec-works/
11
4
dnssec is correct
3
0
Answer: B. DNSSEC
DNS Security Extensions (DNSSEC) provides, among other things, cryptographic authenticity of responses using Resource Record Signatures (RRSIG) and authenticated denial of existence using Next-Secure (NSEC) and Hashed-NSEC records (NSEC3).
2
0
You are right. DNSSEC uses a PKI to secure the information provided by a DNS server. It does this by signing the DNS responses (via a certificate) before sending them to clients. Thus your requests for A, MX, or any other records are authenticated. An RRSIG record holds the signatures for a set of DNS records. The answer is B not A.
5
0
I believe the answer is DNSSEC.
2
0
I agree. The give-away key is the fact that “Uses RRSIG”
At the end of the day, an RRSIG-record holds a DNSSEC signature for a record set (one or more DNS records with the same name and type), thus “A- DNSSEC” is the only possible answer.
DNS Security Extensions (DNSSEC) provides, among other things, cryptographic authenticity of responses using Resource Record Signatures (RRSIG) and authenticated denial of existence using Next-Secure (NSEC) and Hashed-NSEC records (NSEC3).
1
0