EXERCISE 101.E XERCISE 103R EQUESTING A C ERTIFICATE FROM A W EB S...

2. - MCSE EXAM 70 293 PLANNING AND MAINTAINING A WINDOWS SERVER 2003 NETWORK INFRASTRUCTURE PHẦN 9 PPT
MCSE EXAM 70 293 PLANNING AND MAINTAINING A WINDOWS SERVER 2003 NETWORK INFRASTRUCTURE PHẦN 9 PPT
2. You are the administrator of a Windows Server 2003 network.Your boss has just read anarticle on how DNS servers can be compromised so that they will redirect recursive queriesto bogus Web sites that can cause potential harm.Your boss has asked you to ensure that theDNS servers in the DMZ have the highest level of protection possible against this and othertypes of common attacks on DNS servers.You have two DNS servers. DNS-A is used toresolve name mappings for your public Web and mail server.The other DNS server, DNS-B,is used by the internal proxy server to resolve Web site addresses to IP addresses.Whatactions should you take to carry out your boss’s order to provide the highest possible secu-rity against common multiple DNS attacks? (Select the best answer.)A. Enable protection against cache pollution on DNS-B and disable recursion on DNS-AB. Enable protection against cache pollution on DNS-A and disable recursion on DNS-BC. Disable recursion on DNS-A and configure the firewall to not allow any inboundtraffic with destination ports of TCP or UDP port 53 to reach DNS-B D. Disable recursion on DNS-B and configure the firewall to not allow any inboundtraffic with destination ports of TCP or UDP port 25 to reach DNS-A