Certified Information Systems Security Professional (CISSP) — Question 314
Which of the following is a PRIMARY security weakness in the design of Domain Name System (DNS)?
Answer options
- A. Each DNS server must hold the address of the root servers.
- B. A DNS server can be disabled in a denial-of-service (DoS) attack.
- C. A DNS server does not authenticate the source of information.
- D. A DNS server database can be injected with falsified checksums.
Correct answer: C
Explanation
The correct answer is C because DNS servers have no mechanism to authenticate the source of the information they receive, which makes them susceptible to attacks such as spoofing. Options A and B describe operational aspects of DNS servers but do not represent primary security weaknesses. Option D, while concerning, relates to a specific type of data manipulation rather than a fundamental flaw in the DNS design.