Valid CAS-005 Dumps shared by ExamDiscuss.com for Helping Passing CAS-005 Exam! ExamDiscuss.com now offer the newest CAS-005 exam dumps, the ExamDiscuss.com CAS-005 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CAS-005 dumps with Test Engine here:
A senior security engineer flags the following log file snippet as having likely facilitated an attacker's lateral movement in a recent breach: qry_source: 19.27.214.22 TCP/53 qry_dest: 199.105.22.13 TCP/53 qry_type: AXFR | in comptia.org ------------ directoryserver1 A 10.80.8.10 ------------ directoryserver2 A 10.80.8.11 ------------ directoryserver3 A 10.80.8.12 ------------ internal-dns A 10.80.9.1 ----------- www-int A 10.80.9.3 ------------ fshare A 10.80.9.4 ------------ sip A 10.80.9.5 ------------ msn-crit-apcs A 10.81.22.33 Which of the following solutions, if implemented, would mitigate the risk of this issue reoccurring?
Correct Answer: A
Comprehensive and Detailed The log shows an AXFR (zone transfer) query, which exposed internal DNS records, aiding lateral movement. Let's evaluate: A . Disabling DNS zone transfers: AXFR allows full DNS zone data to be transferred. Disabling it externally prevents attackers from mapping internal networks, directly mitigating this issue per CAS-005's security operations focus. B . Restricting to UDP/53: AXFR uses TCP/53, so this wouldn't stop it. C . DNS masking: Obscures records but isn't a standard term for this fix. D . Internal-only queries: Helps but doesn't fully prevent external AXFR if misconfigured.