Certified Information Systems Auditor (CISA) — Question 105
An organization experienced a domain name system (DNS) attack caused by default user accounts not being removed from one of the servers. Which of the following would have been the BEST way to mitigate the risk of this DNS attack?
Answer options
- A. Require all employees to attend training for secure configuration management.
- B. Have a third party configure the virtual servers.
- C. Configure the servers from an approved standard configuration.
- D. Configure the intrusion prevention system (IPS) to identify DNS attacks.
Correct answer: C
Explanation
The best way to mitigate the risk of the DNS attack is to configure the servers from an approved standard configuration (C), as this would ensure that unnecessary default accounts are removed. While training employees (A) is beneficial, it does not directly address the flaw that caused the attack: default user accounts left on the server. Having a third party configure the servers (B) does not guarantee that best practices are followed. Configuring the IPS to identify DNS attacks (D) is reactive rather than proactive and does not prevent the vulnerability from existing in the first place.