CompTIA CASP+ Practice Test

What should the security administrator implement to mitigate unauthorized IP address associations on a banking website?

• A. DNS filtering
• B. Two-factor authentication
• C. Host-based firewalls
• D. Intrusion Detection Systems (IDS)

The correct answer is: DNS filtering

Implementing DNS filtering is an effective measure to mitigate unauthorized IP address associations, particularly for a banking website. DNS filtering helps by controlling which IP addresses are associated with domain names, allowing the organization to block any potentially malicious or unauthorized IP addresses before they can connect to the network. Since unauthorized or malicious users may attempt to associate their IP addresses with legitimate banking services, DNS filtering can prevent these attacks by resolving only those IP addresses that are explicitly permitted. Additionally, DNS filtering can help in protecting the organization against various DNS spoofing and phishing attacks, where attackers try to redirect legitimate users to malicious sites. By maintaining a stringent DNS policy, the security administrator can reduce the risk of users being misled to enter their credentials on fraudulent sites. In contrast, the other options serve different purposes in cybersecurity. Two-factor authentication is primarily used to strengthen user login security but does not directly mitigate unauthorized IP associations. Host-based firewalls control traffic to and from individual devices but may not be effective against broader attempts to associate unauthorized IP addresses. Intrusion Detection Systems (IDS) monitor network traffic for suspicious activities but do not prevent unauthorized IP address associations directly. Each of these alternatives provides value, but they do not specifically address the issue of unauthorized IP address associations like DNS filtering does