PrepAway - Latest Free Exam Questions & Answers

Which of the following should the company use to fulfil…

A company wants to host a publicity available server that performs the following functions:
+Evaluates MX record lookup
+Can perform authenticated requests for A and AAA records
+Uses RRSIG

Which of the following should the company use to fulfill the above requirements?

PrepAway - Latest Free Exam Questions & Answers

A.
LDAPS

B.
DNSSEC

C.
SFTP

D.
nslookup

E.
dig

PrepAway - Latest Free Exam Questions & Answers

8 Comments on “Which of the following should the company use to fulfil…

  1. Wonder says:

    I cant see any reason why LDAPS should be the right answer. As all hints are pointing to Secure DNS (DNSSEC):

    DNSSEC creates a secure domain name system by adding cryptographic signatures to existing DNS records. These digital signatures are stored in DNS name servers alongside common record types like A, AAAA, MX, CNAME, etc. By checking its associated signature, you can verify that a requested DNS record comes from its authoritative name server and wasn’t altered en-route, opposed to a fake record injected in a man-in-the-middle attack.

    To facilitate signature validation, DNSSEC adds a few new DNS record types:

    RRSIG – Contains a cryptographic signature
    DNSKEY – Contains a public signing key
    DS – Contains the hash of a DNSKEY record
    NSEC and NSEC3 – For explicit denial-of-existence of a DNS record
    CDNSKEY and CDS – For a child zone requesting updates to DS record(s) in the parent zone.

    https://www.cloudflare.com/dns/dnssec/how-dnssec-works/




    10



    4
  2. Tetra-Grammaton-Cleric says:

    Answer: B. DNSSEC

    DNS Security Extensions (DNSSEC) provides, among other things, cryptographic authenticity of responses using Resource Record Signatures (RRSIG) and authenticated denial of existence using Next-Secure (NSEC) and Hashed-NSEC records (NSEC3).




    2



    0
  3. william hall says:

    You are right. DNSSEC uses a PKI to secure the information provided by a DNS server. It does this by signing the DNS responses (via a certificate) before sending them to clients. Thus your requests for A, MX, or any other records are authenticated. An RRSIG record holds the signatures for a set of DNS records. The answer is B not A.




    5



    0
  4. meac says:

    I agree. The give-away key is the fact that “Uses RRSIG”
    At the end of the day, an RRSIG-record holds a DNSSEC signature for a record set (one or more DNS records with the same name and type), thus “A- DNSSEC” is the only possible answer.
    DNS Security Extensions (DNSSEC) provides, among other things, cryptographic authenticity of responses using Resource Record Signatures (RRSIG) and authenticated denial of existence using Next-Secure (NSEC) and Hashed-NSEC records (NSEC3).




    1



    0

Leave a Reply