During a security review, a team discovers that an intruder altered domain address data in resource records, allowing them to divert traffic to a malicious portal. Which measure best reduces the chance of a similar event recurring?
Shut down additional subdomains under the main domain
Implement domain signature validation for resource records
Signature-based verification methods, such as DNSSEC, use cryptographic validation that helps deter modification of resource record data. This step mitigates tampering attempts by verifying the authenticity of the entries. Other options may offer partial security improvements or address different risks, but they do not prevent an attacker from altering address data in the same manner.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is DNSSEC and how does it prevent tampering?
Open an interactive chat with Bash
Why are longer refresh times for domain data not as effective?
Open an interactive chat with Bash
How does cryptographic validation compare to address filtering?