Answer-first summary for fast verification
Answer: DNS Security Extensions
The question specifically addresses preventing domain/IP hijacking and redirection to malicious sites via man-in-the-middle attacks, which is a DNS-level threat. DNS Security Extensions (DNSSEC) cryptographically signs DNS records to ensure authenticity and integrity, directly mitigating DNS hijacking and spoofing attacks. The community discussion strongly supports option C with a 100% consensus and high upvotes, emphasizing DNSSEC's role in validating DNS responses and preventing fake DNS responses. While Cloud Armor (B) protects against DDoS and web attacks, it operates at the application layer after DNS resolution, making it less suitable for preventing the initial DNS hijacking. VPC Flow Logs (A) are for network traffic monitoring, and Cloud Identity-Aware Proxy (D) is for access control, neither of which address DNS security.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A customer wants to prevent attackers from hijacking their domain or IP address to redirect users to a malicious site via a man-in-the-middle attack. Which solution should they implement?
A
VPC Flow Logs
B
Cloud Armor
C
DNS Security Extensions
D
Cloud Identity-Aware Proxy
No comments yet.