Which technology provides authentication of DNS traffic?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which technology provides authentication of DNS traffic?

Explanation:
Authentication of DNS data is achieved by DNSSEC. It adds digital signatures to DNS records and a chain of trust from the DNS root down to individual zones. When a resolver receives DNS data, it can verify the signatures against published public keys (DNSKEYs) to confirm that the information came from the legitimate domain authority and has not been altered in transit. This provides origin authentication and data integrity for DNS responses, helping prevent cache poisoning and spoofing. DNSSEC does not encrypt DNS queries or responses, it only signs them to prove authenticity. The other options describe either attack techniques or security at different layers or for other purposes (for example, TLS secures encrypted channels, IPsec protects IP packets), but they are not designed to authenticate DNS records the way DNSSEC does.

Authentication of DNS data is achieved by DNSSEC. It adds digital signatures to DNS records and a chain of trust from the DNS root down to individual zones. When a resolver receives DNS data, it can verify the signatures against published public keys (DNSKEYs) to confirm that the information came from the legitimate domain authority and has not been altered in transit. This provides origin authentication and data integrity for DNS responses, helping prevent cache poisoning and spoofing. DNSSEC does not encrypt DNS queries or responses, it only signs them to prove authenticity. The other options describe either attack techniques or security at different layers or for other purposes (for example, TLS secures encrypted channels, IPsec protects IP packets), but they are not designed to authenticate DNS records the way DNSSEC does.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy