What should you configure on Server1?

You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS
Server server role installed.
You need to recommend changes to the DNS infrastructure to protect the cache from cache
poisoning attacks.
What should you configure on Server1?

You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS
Server server role installed.
You need to recommend changes to the DNS infrastructure to protect the cache from cache
poisoning attacks.
What should you configure on Server1?

A.
DNS cache locking

B.
The global query block list

C.
DNS Security Extensions (DNSSEC)

D.
DNS devolution



Leave a Reply 1

Your email address will not be published. Required fields are marked *


Sjoerd Stefma

Sjoerd Stefma

Correct:

Configuring the socket pool. The socket pool enables a DNS server to use source port randomization when issuing DNS queries. This provides enhanced security against cache poisoning attacks. The socket pool is enabled with default settings on computers that have installed security update MS08-037: Microsoft Security Bulletin MS08-037 – Important, Vulnerabilities in DNS Could Allow Spoofing (953230) (http://go.microsoft.com/fwlink/?LinkID=148634). You can also customize socket pool settings. For information, see Configure the Socket Pool.

Configuring cache locking. When you enable cache locking, the DNS server will not allow cached records to be overwritten for the duration of the time to live (TTL). Cache locking also provides for enhanced security against cache poisoning attacks. Cache locking is available if your DNS server is running Windows Server 2008 R2. You can also customize the settings used for cache locking. For more information, see Configure Cache Locking.

Source: https://technet.microsoft.com/en-us/library/ee649237(v=ws.10).aspx