An organization is using DNS services for their network and want to help improve the security of the DNS infrastructure. Which action accomplishes this task?
A.
Use DNSSEC between the endpoints and Cisco Umbrella DNS servers.
B.
Modify the Cisco Umbrella configuration to pass queries only to non-DNSSEC capable zones.
C.
Integrate Cisco Umbrella with Cisco CloudLock to ensure that DNSSEC is functional.
D.
Configure Cisco Umbrella and use DNSSEC for domain authentication to authoritative servers.
DNSSEC (Domain Name System Security Extensions) is a technology that protects DNS from cache poisoning and spoofing attacks by digitally signing DNS data with cryptographic keys. DNSSEC ensures the integrity and authenticity of DNS responses, preventing attackers from redirecting traffic to malicious domains. Cisco Umbrella supports DNSSEC by performing validation on queries sent from Umbrella resolvers to upstream authorities. This means that Umbrella will only accept DNS responses that are signed and verified by the authoritative servers for each domain. To enable DNSSEC validation, the organization needs to configure Cisco Umbrella and use DNSSEC for domain authentication to authoritative servers. This will ensure that Umbrella resolvers will reject any forged or tampered DNS responses and provide secure DNS resolution for the organization’s network. References :=
Some possible references are:
Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 2: Network Security, Lesson 2.5: Implement DNS Security
What is DNSSEC and Why Is It Important? - Cisco Umbrella
DNSSEC General Availability – Cisco Umbrella
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit