DNSSEC (Domain Name System Security Extensions) is handled at the DNS infrastructure and resolver level, rather than at the application code level. As long as the underlying DNS resolvers and infrastructure support DNSSEC, applications typically don’t require any additional changes to start benefiting from the secure DNS lookups.
It's very unlikely this question is asked just to be pointless and with no action needed. I think as per specified by contributor DA95, option C is correct.
To facilitate signature validation, DNSSEC adds a few new DNS record types:
RRSIG - Contains a cryptographic signature
DNSKEY - Contains a public signing key
DS - Contains the hash of a DNSKEY record
NSEC and NSEC3 - For explicit denial-of-existence of a DNS record
CDNSKEY and CDS - For a child zone requesting updates to DS record(s) in the parent zone.
In order to implement DNSSEC, some changes to application code may be necessary. DNSSEC is a security extension to the Domain Name System (DNS) that provides authentication for DNS lookups. To implement DNSSEC, application code may need to be updated to perform additional DNS lookups in order to verify the authenticity of DNS records. This may involve adding code to perform cryptographic operations in order to validate DNSSEC signatures. Therefore, the correct answer is option C, "Additional DNS lookups."
This section is not available anymore. Please use the main Exam Page.CCSP Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
MaciekMT
2 months agoArashV
2 months, 3 weeks agonzboy123
3 months, 3 weeks agoDA95
4 months, 1 week agoakg001
11 months, 1 week ago