Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Amazon Exam SCS-C02 Topic 4 Question 12 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 12
Topic #: 4
[All SCS-C02 Questions]

A company needs to implement DNS Security Extensions (DNSSEC) for a specific subdomain. The subdomain is already registered with Amazon Route 53. A security engineer has enabled DNSSEC signing and has created a key-signing key (KSK). When the security engineer tries to test the configuration, the security engineer receives an error for a broken trust chain.

What should the security engineer do to resolve this error?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Izetta at Feb 09, 2024, 09:07 AM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Arlette
11 months ago
That's a good point, Donte. Maybe a combination of creating the DS record and replacing the KSK would be the best solution.
upvoted 0 times
...
Donte
11 months ago
But shouldn't the security engineer also consider replacing the KSK with a ZSK? That might help too.
upvoted 0 times
...
Carisa
12 months ago
I agree with Arlette. Creating a DS record in the parent hosted zone should establish the trust chain.
upvoted 0 times
...
Arlette
1 years ago
I think the security engineer should create a Delegation Signer (DS) record in the parent hosted zone. That should resolve the error.
upvoted 0 times
...
Alfreda
1 years ago
Alright, folks, let's stick to the task at hand. Option C is the way to go, no doubt about it. Time to ace this exam!
upvoted 0 times
...
Buck
1 years ago
Hah, you said it, Magdalene. DNSSEC, where the answers are made up and the trust chains don't matter. *rolls eyes*
upvoted 0 times
Cathern
1 years ago
C: Fingers crossed that it works this time!
upvoted 0 times
...
Lisandra
1 years ago
B: Good idea. Hopefully that resolves the trust chain error.
upvoted 0 times
...
Tien
1 years ago
A: Ok, let's try creating a Delegation Signer (DS) record in the subdomain.
upvoted 0 times
...
Fannie
1 years ago
D: That makes sense. Let's go with option D.
upvoted 0 times
...
Adell
1 years ago
C: No, D is the correct option. Create a Delegation Signer (DS) record in the subdomain.
upvoted 0 times
...
Nydia
1 years ago
B: I think C is the right answer. Create a Delegation Signer (DS) record in the parent hosted zone.
upvoted 0 times
...
Kaycee
1 years ago
A: Replace the KSK with a zone-signing key (ZSK).
upvoted 0 times
...
...
Magdalene
1 years ago
Exactly, that's the way to go. Gotta love those DNSSEC shenanigans, am I right? *chuckles*
upvoted 0 times
...
Doug
1 years ago
Aha, yes! Option C makes the most sense to me. The security engineer needs to create a DS record in the parent hosted zone to establish the trust chain. Brilliant!
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77