CompTIA CASP+ Practice Test

What is the most effective method to prevent external threats from accessing sensitive information stored in a company's internal DNS server?

• A. Implement internal security protocols.
• B. Use split DNS with segregated information.
• C. Encrypt all data in the DNS server.
• D. Employ firewalls to block external access.

The correct answer is: Use split DNS with segregated information.

Using split DNS with segregated information is the most effective method to prevent external threats from accessing sensitive information stored in a company's internal DNS server. Split DNS refers to a configuration where two sets of DNS records are maintained: one for internal use and one for external use. This setup allows the organization to keep sensitive records confidential by restricting access to the internal DNS server, which provides information only to internal users. Implementing this method minimizes the risk of exposing sensitive internal records to external entities, as they only view a subset of DNS records that have been publicly designated. Sensitive information remains secured and only accessible to authorized users within the organization. In contrast, while internal security protocols are important, they do not specifically address the need to separate internal from external information in a DNS context. Encrypting data in the DNS server offers a layer of security but does not inherently prevent external access to the DNS records stored within the server. Employing firewalls is a valuable practice for network security, but without the split DNS configuration, some sensitive information may still be exposed through other means. Thus, using split DNS directly targets the issue of managing and securing sensitive information separated from public-facing data.