Examice

Exam GCIH All QuestionsBrowse all questions from this exam

Question 112

Following the recent acquisition of a new business, your manager asks you to investigate their DNS service and report back on its status. He is concerned as they only have one DNS server in the organization and it is visible on the Internet. What actions and recommendations should be taken as a first step?

Review the logs of the acquired business' firewall for port 53 traffic. Add a firewall rule to block port 53 traffic.

Ensure zone transfer requests from the acquired business' DNS server are disabled. Propose a plan to migrate the DNS service to your split-DNS infrastructure.

Use the nslookup command to direct the aquired business' DNS server to transfer its records to your primary DNS server. Block all other traffic at the firewall.

Remove the acquired business' DNS server from the network. Import its database entries into your secure infrastructure.

Correct Answer: B

The best course of action is to ensure zone transfer requests from the acquired business' DNS server are disabled, as unauthorized zone transfers can expose sensitive information. Additionally, proposing a plan to migrate the DNS service to a split-DNS infrastructure will enhance security by separating internal and external DNS traffic, which reduces the risk of exposing internal DNS information to potential threats on the internet.

Discussion

straleOption: B

It's B. By blocking 53 you would disable all DNS action (name resolvement and transfer) - this is not a solution. Best option is to disable unauthorised zone transfer and securly migrate DNS of new company to your infrastructure and split private and public DNS