Question: A company wants to implement a cloud-based security solution that will sinkhole malicious DNS requests. The security administrator has implemented technical controls to direct DNS
A company wants to implement a cloud-based security solution that will sinkhole malicious DNS requests. The security administrator has implemented technical controls to direct DNS requests to the cloud servers but wants to extend the solution to all managed and unmanaged endpoints that may have user-defined DNS manual settings. Which of the following should the security administrator implement to ensure the solution will protect all connected devices?
A. Option A B. Option B C. Option C D. Option D PLEASE PROVIDE AN EXPLANATION FOR THE CORRECT OPTION CHOICE AS WELL AS EXPLANATIONS FOR WHY THE OTHER OPTIONS ARE NOT CORRECT FOR A THUMBS UP. THANK YOU
A. Implement firewall ACLs as follows PERMIT UDP ANY CLOUD SERVER EQ 53 DENY UDP ANY ANY EQ 53 B. Implement NAT as follows: ORIGINAL TRANSLATED SRC IP SRC PORT DST IP DST PORT SRC IP SRC PORT DST PORT DST IP CLOUD SERVER SAME SAME SAME SAME 53 53 PAT POOL C. Implement DHCP options as follows: DHCP DNS1: CLOUD_SERVER1 DHCP DNS2: CLOUD_SERVER2 D. Implement policy routing as follows: 100 PERMIT UDP ANY ANY ANY 53 200 PERMIT UDE PAT_POOL ANY CLOUD_SERVER 53 IP ROUTE_MAP 200 200
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts
Study Help