Which of the following should the company use to fulfil…

A company wants to host a publicity available server that performs the following functions:
+Evaluates MX record lookup
+Can perform authenticated requests for A and AAA records
+Uses RRSIG

Which of the following should the company use to fulfill the above requirements?

A company wants to host a publicity available server that performs the following functions:
+Evaluates MX record lookup
+Can perform authenticated requests for A and AAA records
+Uses RRSIG

Which of the following should the company use to fulfill the above requirements?

A.
LDAPS

B.
DNSSEC

C.
SFTP

D.
nslookup

E.
dig

Show Hint

Next question →

Leave a Reply 6

Hatam Mirzaee

Hi!

I have checked all SY0-501 exam questions here, a lot of wrong answers,

and,

many questions about new SY0-501 exam objectives are missed,

I do recommend you to learn the latest 2018 new SY0-501 dumps here:

http://www.comptiadump.com/category/comptia-security-plus-certification/sy0-501-exam-dumps

(WRONG ANSWERS HAVE BEEN CORRECTED)

Good luck!!!

Hatam Mirzaee

Or,

here you can get the SY0-501 exam passing comments here:

https://www.gratisexam.com/comptia/sy0-501-exam/

(Reading the FB comments there)

Good luck, all!!!

Wonder

I cant see any reason why LDAPS should be the right answer. As all hints are pointing to Secure DNS (DNSSEC):

DNSSEC creates a secure domain name system by adding cryptographic signatures to existing DNS records. These digital signatures are stored in DNS name servers alongside common record types like A, AAAA, MX, CNAME, etc. By checking its associated signature, you can verify that a requested DNS record comes from its authoritative name server and wasn’t altered en-route, opposed to a fake record injected in a man-in-the-middle attack.

To facilitate signature validation, DNSSEC adds a few new DNS record types:

RRSIG – Contains a cryptographic signature
DNSKEY – Contains a public signing key
DS – Contains the hash of a DNSKEY record
NSEC and NSEC3 – For explicit denial-of-existence of a DNS record
CDNSKEY and CDS – For a child zone requesting updates to DS record(s) in the parent zone.

https://www.cloudflare.com/dns/dnssec/how-dnssec-works/

kontol

dnssec is correct

Tetra-Grammaton-Cleric

Answer: B. DNSSEC

DNS Security Extensions (DNSSEC) provides, among other things, cryptographic authenticity of responses using Resource Record Signatures (RRSIG) and authenticated denial of existence using Next-Secure (NSEC) and Hashed-NSEC records (NSEC3).

william hall

You are right. DNSSEC uses a PKI to secure the information provided by a DNS server. It does this by signing the DNS responses (via a certificate) before sending them to clients. Thus your requests for A, MX, or any other records are authenticated. An RRSIG record holds the signatures for a set of DNS records. The answer is B not A.