🔥 3-day streak
AWS Certified Advanced Networking - Specialty80 / 141
Question 80 of 141
A financial services company must ensure that all DNS responses resolved by workloads in a production VPC are cryptographically validated to prevent DNS spoofing and cache poisoning. The workloads query both public domains and an internal Route 53 private hosted zone. The security team requires that any response failing validation be rejected rather than returned to the client. What should the network engineer implement to meet this requirement with the least operational overhead?
Reviewed for accuracy · Report an issueNext question