CISSP Practice полностью

A zone transfer is incorrect because it refers to the way a secondary (slave) server refreshes the entire contents of its zone file from the primary (master) name servers. The dynamic update facility is incorrect because it provides operations for addition and deletion of RRs in the zone file. The DNS NOTIFY message is incorrect because it signals a secondary DNS server to initiate a zone transfer.

213. What does a domain name system (DNS) query originate from?

a. Authoritative name server

b. Resolver

c. Caching name server

d. Recursive name server

213. b. A resolver, a component of DNS, accesses the services provided by a DNS name server on behalf of user programs. A DNS query originates from a resolver; the destination is an authoritative or caching name server.

An authoritative name server for a zone is incorrect because it provides responses to name resolution queries for resources for that zone, using the Resource Records (RRs) in its own zone file. Caching and recursive name servers are incorrect because two primary categories of resolver include (i) caching, recursive, resolving name server and (ii) stub resolver, distinguished by functionality.

214. A user datagram protocol (UDP) packet is associated with which of the following when sending domain name system (DNS) queries?

1. Truncation

2. Little or no truncation

3. Higher overhead

4. Lower overhead

a. 1 only

b. 4 only

c. 1 and 4

d. 2 and 3

214. c. Domain name system (DNS) queries are sent in a single UDP packet. The response usually is a single UDP packet as well, but data size may result in truncation. UDP consumes lower overhead of resources. On the other hand, TCP packet results in little or no truncation but consumes higher overhead of resources.

215. Which of the following is not an example of domain name system (DNS) host platform threats?

a. Buffer overflow attack

b. Zone drift error

c. Packet flooding attack

d. Address resolution protocol spoofing attack

215. b. Zone drift error is a threat due to domain name system (DNS) data contents, not from DNS host platform threats. Zone drift error results in incorrect zone data at the secondary name servers when there is a mismatch of data between the primary and secondary name servers. A buffer overflow attack, a packet flooding attack, and an Address Resolution Protocol (ARP) spoofing attack are examples of DNS host platform threats.

216. All the following are best practice protection approaches for domain name system (DNS) software except:

a. Running name server software with restricted privileges

b. Isolating name server software

c. Developing the zone file integrity checker software

d. Removing name server software from nondesignated hosts

216. c. Developing the zone file integrity checker software is a DNS data content control protection approach, not a DNS software protection approach. The other three choices are incorrect because they are examples of DNS software protection approaches.

217. In domain name system (DNS) transactions, which of the following is not a threat against DNS query/response transactions?

a. Forged response

b. Removal of resource records in responses

c. Incorrect application of wildcard expansion rules

d. Denial-of-service

217. d. Denial-of-service (DoS) is a threat against zone transfer transaction. The other three choices are incorrect because they are examples of threats in a DNS query/response transaction.

218. In domain name system (DNS) transactions, which of the following is not a threat against dynamic update transaction?

a. Unauthorized updates

b. Tampering of messages

c. Spurious notifications

d. Replay attacks

218. c. Spurious notifications are a threat against a DNS NOTIFY message transaction. The other three choices are incorrect because they are examples of threats against dynamic update transactions.

219. Transaction signature (TSIG) is used in which of the following types of domain name system (DNS) transactions?

1. DNS query/response

2. DNS NOTIFY message

3. Zone transfer

4. Dynamic update

a. 1 only

b. 2 only

c. 1 and 2

d. 3 and 4