Register
A company wants to implement a cloud-based security solution that will sinkhole malicious DNS requests. The security administrator has implemented technical controls to direct DNS requests to the cloud
65.6k views
4 votes
A company wants to implement a cloud-based security solution that will sinkhole malicious DNS requests. The security administrator has implemented technical controls to direct DNS requests to the cloud servers but wants to extend the solution to all managed and unmanaged endpoints that may have user-defined DNS manual settings.

Which of the following should the security administrator implement to ensure the solution will protect all connected devices?

A. Implement firewall ACLs as follows: PERMIT UDP ANY CLOUD_SERVER EQ 53 DENY UDP ANY ANY EQ 53
B. Implement NAT as follows: (Image)
C. Implement DHCP options as follows: DHCP DNS1: CLOUD_SERVER1 DHCP DNS2: CLOUD_SERVER2
D. Implement policy routing as follows: 100 PERMIT UDP ANY ANY ANY 53 200 PERMIT UDP PAT_POOL ANY CLOUD_SERVER 53 IP ROUTE_MAP 200 200

User Jeremycg
by
8.2k points

1 Answer

2 votes

Final answer:

To protect all connected devices with a cloud-based security solution, the security administrator should implement DHCP options that specify the company's DNS servers. This ensures devices automatically use the correct DNS settings provided by the DHCP server.Correct option is c) Implement DHCP options as follows: DHCP DNS1: CLOUD_SERVER1 DHCP DNS2: CLOUD_SERVER2

Step-by-step explanation:

The security administrator's objective is to ensure that all connected devices, whether managed or unmanaged, use the company's cloud-based security solution to sinkhole malicious DNS requests. To achieve this, the administrator should enforce that all devices use the specified DNS servers, irrespective of any user-defined DNS settings on the devices.

Option C suggests implementing DHCP options to specify the DNS servers that devices should use. This approach is effective because when devices connect to the network, they typically obtain their network configuration from the DHCP server. By configuring the DHCP server with the cloud-based security solution's DNS servers (DHCP DNS1: CLOUD_SERVER1 and DHCP DNS2: CLOUD_SERVER2), all devices that accept DHCP settings will automatically use the correct DNS servers, thereby extending protection to all connected devices.

User Artem Vyshniakov
by
6.9k points
Ask a Question
Welcome to QAmmunity.org, where you can ask questions and receive answers from other members of our community.

8.8m questions

11.4m answers

Other Questions

“What does it mean when we “rework” copyrighted material?”
The book shows how to add and subtract binary and decimal numbers. However, other numbering systems are also very popular when dealing with computers. The octal (base 8) numbering system is one of these.
Seven basic internal components found in a computer tower
Please help me ! All you do is just put it it all in your own words ! Please this is for my reported card!i don't know how to put it in my own words because my English is not that good!
describe an advance in technology that makes life more enjoyable. what discoveries contribute to this technology?
Link Copied!