A customer needs to prevent attackers from hijacking their domain/IP and redirecting users to a malicious site through a man-in-the-middle attack. Which solution should this customer use?
Correct Answer is (C):
DNSSEC — use a DNS registrar that supports DNSSEC, and enable it. DNSSEC digitally signs DNS communication, making it more difficult (but not impossible) for hackers to intercept and spoof.
Domain Name System Security Extensions (DNSSEC) adds security to the Domain Name System (DNS) protocol by enabling DNS responses to be validated. Having a trustworthy Domain Name System (DNS) that translates a domain name like www.example.com into its associated IP address is an increasingly important building block of today’s web-based applications. Attackers can hijack this process of domain/IP lookup and redirect users to a malicious site through DNS hijacking and man-in-the-middle attacks. DNSSEC helps mitigate the risk of such attacks by cryptographically signing DNS records. As a result, it prevents attackers from issuing fake DNS responses that may misdirect browsers to nefarious websites.
https://cloud.google.com/blog/products/gcp/dnssec-now-available-in-cloud-dns
C. Attackers can hijack this process of domain/IP lookup and redirect users to a malicious site through DNS hijacking and man-in-the-middle attacks. DNSSEC helps mitigate the risk of such attacks by cryptographically signing DNS records. As a result, it prevents attackers from issuing fake DNS responses that may misdirect browsers to nefarious websites.
Its man in the middle attack protection. The traffic first needs to reach cloud armour before you can make use of cloud armour related protection. DNS can be hijacked if you dont use DNSSEC. Its your DNS that needs to resolve the initial request before traffic is directed to cloud armour. Option C is most appropriate measure. (think of sequencing of how traffic will flow)
The answers from rest of the folks are complete unreliable. The right answer is Cloud Armor based on my Hands-On labs in Qwiklabs. Reason:
Creating a policy in Cloud Armor sends 403 forbidden message for man-in-the middle-attack. Reference: https://cloud.google.com/blog/products/identity-security/identifying-and-protecting-against-the-largest-ddos-attacks Some more: https://cloud.google.com/armor Refer this lab: https://www.qwiklabs.com/focuses/1232?catalog_rank=%7B%22rank%22%3A1%2C%22num_filters%22%3A0%2C%22has_search%22%3Atrue%7D&parent=catalog&search_id=8696512
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ESP_SAP
Highly Voted 2 years, 5 months agoKameswara
Highly Voted 1 year, 11 months agoAzureDP900
Most Recent 5 months, 3 weeks agoGCP72
8 months agominostrozaml2
1 year, 3 months agoshreenine
1 year, 6 months agosc_cloud_learn
1 year, 11 months agoASG
2 years, 2 months agobolu
2 years, 3 months agoKyubiBlaze
1 year, 7 months ago[Removed]
2 years, 6 months agosaurabh1805
2 years, 6 months agoMohitA
2 years, 8 months agobigdo
2 years, 8 months agoArizonaClassics
2 years, 8 months agoKILLMAD
3 years, 1 month ago