ISACA’s glossary defines DNS poisoning as a cyberattack that alters DNS records to redirect users to fraudulent websites. Since the attack mechanism is DNS manipulation, the strongest control among the choices is DNS server security hardening. That directly addresses the infrastructure being targeted.
Option A can reduce user susceptibility but does not directly prevent redirection attacks. Option B can help at the endpoint, but it does not address poisoned or compromised DNS infrastructure as directly as DNS hardening. Option D is designed mainly to protect web applications from HTTP-layer attacks, not to stop DNS-based traffic redirection.
References (Official ISACA):
ISACA Glossary, Domain name system (DNS) poisoning.