During a routine audit, the engineering team found suspicious entries in name resolution logs, resulting in misdirection to harmful sites even when employees use correct addresses. Which step best addresses the underlying issue and helps keep record integrity intact going forward?
Enable captive portal login for guest connections
Perform periodic restarts of domain controllers
Require password changes for all employees
Deploy cryptographic verification for domain entries
Deploying cryptographic verification for domain entries (sometimes referred to as DNSSEC) uses digital signatures to protect name resolution data from unauthorized changes. Requiring password changes does not fix altered name resolution information. Captive portals are unrelated to the integrity of domain data and do not remove misdirection. Performing periodic restarts of domain controllers does not eliminate tampered data propagated to other resolvers.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is DNSSEC and how does it help protect domain entries?
Open an interactive chat with Bash
What is DNS spoofing, and why is it a concern?
Open an interactive chat with Bash
What role do domain controllers play in DNS, and why doesn’t restarting them fix tampered data?