Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Amazon Exam SCS-C02 Topic 4 Question 12 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 12
Topic #: 4
[All SCS-C02 Questions]

A company needs to implement DNS Security Extensions (DNSSEC) for a specific subdomain. The subdomain is already registered with Amazon Route 53. A security engineer has enabled DNSSEC signing and has created a key-signing key (KSK). When the security engineer tries to test the configuration, the security engineer receives an error for a broken trust chain.

What should the security engineer do to resolve this error?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Izetta at Feb 09, 2024, 09:07 AM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Carisa
20 hours ago
I agree with Arlette. Creating a DS record in the parent hosted zone should establish the trust chain.
upvoted 0 times
...
Arlette
2 days ago
I think the security engineer should create a Delegation Signer (DS) record in the parent hosted zone. That should resolve the error.
upvoted 0 times
...
Alfreda
24 days ago
Alright, folks, let's stick to the task at hand. Option C is the way to go, no doubt about it. Time to ace this exam!
upvoted 0 times
...
Buck
25 days ago
Hah, you said it, Magdalene. DNSSEC, where the answers are made up and the trust chains don't matter. *rolls eyes*
upvoted 0 times
Cathern
6 days ago
C: Fingers crossed that it works this time!
upvoted 0 times
...
Lisandra
7 days ago
B: Good idea. Hopefully that resolves the trust chain error.
upvoted 0 times
...
Tien
8 days ago
A: Ok, let's try creating a Delegation Signer (DS) record in the subdomain.
upvoted 0 times
...
Fannie
9 days ago
D: That makes sense. Let's go with option D.
upvoted 0 times
...
Adell
10 days ago
C: No, D is the correct option. Create a Delegation Signer (DS) record in the subdomain.
upvoted 0 times
...
Nydia
11 days ago
B: I think C is the right answer. Create a Delegation Signer (DS) record in the parent hosted zone.
upvoted 0 times
...
Kaycee
12 days ago
A: Replace the KSK with a zone-signing key (ZSK).
upvoted 0 times
...
...
Magdalene
26 days ago
Exactly, that's the way to go. Gotta love those DNSSEC shenanigans, am I right? *chuckles*
upvoted 0 times
...
Doug
27 days ago
Aha, yes! Option C makes the most sense to me. The security engineer needs to create a DS record in the parent hosted zone to establish the trust chain. Brilliant!
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77