Question: A security engineer is assessing the controls that are in place to secure the corporate-Internet-facing DNS server. The engineer notices that security ACLs exist but
A security engineer is assessing the controls that are in place to secure the corporate-Internet-facing DNS server. The engineer notices that security ACLs exist but are not being used properly. The DNS server should respond to any source but only provide information about domains it has authority over. Additionally, the DNS administrator have identified some problematic IP addresses that should not be able to make DNS requests. Given the ACLs below:
Which of the following should the security administrator configure to meet the DNS security needs?
FOR AN UPVOTE PLEASE PROVIDE AN EXPLANATION TO THE CORRECT OPTION CHOICE AS WELL AS WHY THE OTHE OPTION CHOICES ARE NOT CORRECT. THANK YOU
acl secondary-dns { 192.168.1.54; }; acl internal-nets { 192.168.1.0/24; }; acl blacklist-ips { 244.0.22.39; 12.122.1.0/24; 122.64.8.80; A. zone "company.com" in { type "master"; file "company.hosts"; allow-query { any; }; allow-transfer { !blacklist-ips; }; B. zone "company.com" in { type "master"; file "company.hosts"; allow-query { secondary-dns; internal-nets; !blacklist-ips; ; }; allow-transfer {none; }; C. zone "company.com" in { type "master"; file "company.hosts"; allow-query { internal-nets; !blacklist-ips; }; allow-transfer {none; }; D. zone "company.com" in { type "master"; file "company.hosts"; allow-query {any; !blacklist-ips; }; allow-transfer { secondary-dns; }; }
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts
Study Help