CompTIA Network+ (N10-009) — Question 246

A network administrator is concerned with on-path attacks and wants to provide encryption of fully qualified domain names in outbound communications. Which of the following best describes the protocol that provides the proper security layer for internet communication?

Answer options

• A. SSL
• B. DoH
• C. TLS
• D. DNSSEC

Correct answer: B

Explanation

The correct answer, DoH (DNS over HTTPS), specifically encrypts DNS queries, protecting them from on-path attacks. SSL and TLS are protocols for securing general web traffic but do not specifically address DNS query encryption. DNSSEC is used for ensuring the authenticity and integrity of DNS data, but it does not provide encryption.