Designing and Implementing a Server Infrastructure — Question 27

You have a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed.
You need to recommend changes to the DNS infrastructure to protect the cache from cache poisoning attacks.
What should you configure on Server1?

Answer options

• A. DNS cache locking
• B. The global query block list
• C. DNS Security Extensions (DNSSEC)
• D. DNS devolution

Correct answer: A

Explanation

The correct answer is A, DNS cache locking, as it helps prevent cache poisoning by ensuring that cached records are not overwritten during the time-lock period. Option B, the global query block list, is used to restrict certain queries but does not specifically protect against cache poisoning. Option C, DNS Security Extensions (DNSSEC), enhances security but is not the same mechanism as cache locking, while option D, DNS devolution, is unrelated to cache protection.