Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Amazon Exam SCS-C02 Topic 6 Question 31 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 31
Topic #: 6
[All SCS-C02 Questions]

A company needs to implement DNS Security Extensions (DNSSEC) for a specific subdomain. The subdomain is already registered with Amazon Route 53. A security engineer has enabled DNSSEC signing and has created a key-signing key (KSK). When the security engineer tries to test the configuration, the security engineer receives an error for a broken trust chain.

What should the security engineer do to resolve this error?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Brice at Sep 16, 2024, 10:33 PM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Kanisha
2 months ago
Haha, I bet the security engineer is scratching their head right now. Don't worry, buddy, C is the way to go!
upvoted 0 times
Kendra
28 days ago
Thanks for the tip! I'll go with option C then.
upvoted 0 times
...
Jordan
1 months ago
Yeah, creating a Delegation Signer (DS) record in the parent hosted zone should resolve the error.
upvoted 0 times
...
Ernie
1 months ago
I think C is the correct answer.
upvoted 0 times
...
...
Reita
2 months ago
I'm not sure, but maybe replacing the KSK with a ZSK could also fix the issue.
upvoted 0 times
...
Elin
2 months ago
Ah, I see. The security engineer needs to establish the trust chain by adding the DS record in the parent hosted zone. That should do the trick!
upvoted 0 times
...
Jovita
2 months ago
I agree with William. Creating a DS record in the parent hosted zone should resolve the broken trust chain error.
upvoted 0 times
...
Tamala
2 months ago
Hmm, I think the answer is C. Creating a Delegation Signer (DS) record in the parent hosted zone seems like the logical step to resolve the broken trust chain.
upvoted 0 times
Miriam
1 months ago
That's a good point, using a ZSK instead of a KSK could potentially resolve the issue as well.
upvoted 0 times
...
Lavonne
1 months ago
But wouldn't replacing the KSK with a ZSK also help in resolving the error?
upvoted 0 times
...
Dominic
1 months ago
I agree, creating a DS record in the parent hosted zone should establish the trust chain correctly.
upvoted 0 times
...
Jackie
1 months ago
A: Let's go ahead and try creating the DS record in the parent hosted zone to see if it resolves the error.
upvoted 0 times
...
Tina
1 months ago
B: Yeah, that sounds like the right solution to fix the broken trust chain.
upvoted 0 times
...
Joni
1 months ago
A: I think the answer is C too. It makes sense to create a Delegation Signer (DS) record in the parent hosted zone.
upvoted 0 times
...
Alida
2 months ago
I think the answer is C. Creating a Delegation Signer (DS) record in the parent hosted zone seems like the logical step to resolve the broken trust chain.
upvoted 0 times
...
...
William
3 months ago
I think the security engineer should create a Delegation Signer (DS) record in the parent hosted zone.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77