Which of the following should be implemented to stop an attacker from mapping out addresses and/or
devices on a network?
A.
Single sign on
B.
IPv6
C.
Secure zone transfers
D.
VoIP
Explanation:
C: A primary DNS server has the “master copy” of a zone, and secondary DNS servers keep copies of the
zone for redundancy. When changes are made to zone data on the primary DNS server, these changes
must be distributed to the secondary DNS servers for the zone. This is done through zone transfers. If you
allow zone transfers to any server, all the resource records in the zone are viewable by any host that can
contact your DNS server. Thus you will need to secure the zone transfers to stop an attacker from
mapping out your addresses and devices on your network.
Incorrect Answers:
A: Single sign-on is about having one password for all resources on a given network. This is not designed
to stop attackers from mapping addresses on your network.
B: IPv6 in the TCP/IP protocol is designed to support 128-bit addresses it is not designed to stop attackers
mapping addresses on your network.
D: Voice over IP (VoIP) is a methodology and group of technologies for the delivery of voice
communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. IT is
not meant to keep attackers from mapping addresses on your network.https://technet.microsoft.com/en-us/library/ee649273%28v=ws.10%29.aspx
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, p. 148