BlackFriday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam SCS-C02 Topic 4 Question 12 Discussion

Actual exam question for Amazon's SCS-C02 exam
Question #: 12
Topic #: 4
[All SCS-C02 Questions]

A company needs to implement DNS Security Extensions (DNSSEC) for a specific subdomain. The subdomain is already registered with Amazon Route 53. A security engineer has enabled DNSSEC signing and has created a key-signing key (KSK). When the security engineer tries to test the configuration, the security engineer receives an error for a broken trust chain.

What should the security engineer do to resolve this error?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Izetta at Feb 09, 2024, 09:07 AM

Limited Time Offer

25%

Off

Get Premium SCS-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Arlette
5 months ago
That's a good point, Donte. Maybe a combination of creating the DS record and replacing the KSK would be the best solution.
upvoted 0 times
...
Donte
5 months ago
But shouldn't the security engineer also consider replacing the KSK with a ZSK? That might help too.
upvoted 0 times
...
Carisa
6 months ago
I agree with Arlette. Creating a DS record in the parent hosted zone should establish the trust chain.
upvoted 0 times
...
Arlette
6 months ago
I think the security engineer should create a Delegation Signer (DS) record in the parent hosted zone. That should resolve the error.
upvoted 0 times
...
Alfreda
7 months ago
Alright, folks, let's stick to the task at hand. Option C is the way to go, no doubt about it. Time to ace this exam!
upvoted 0 times
...
Buck
7 months ago
Hah, you said it, Magdalene. DNSSEC, where the answers are made up and the trust chains don't matter. *rolls eyes*
upvoted 0 times
Cathern
6 months ago
C: Fingers crossed that it works this time!
upvoted 0 times
...
Lisandra
7 months ago
B: Good idea. Hopefully that resolves the trust chain error.
upvoted 0 times
...
Tien
7 months ago
A: Ok, let's try creating a Delegation Signer (DS) record in the subdomain.
upvoted 0 times
...
Fannie
7 months ago
D: That makes sense. Let's go with option D.
upvoted 0 times
...
Adell
7 months ago
C: No, D is the correct option. Create a Delegation Signer (DS) record in the subdomain.
upvoted 0 times
...
Nydia
7 months ago
B: I think C is the right answer. Create a Delegation Signer (DS) record in the parent hosted zone.
upvoted 0 times
...
Kaycee
7 months ago
A: Replace the KSK with a zone-signing key (ZSK).
upvoted 0 times
...
...
Magdalene
7 months ago
Exactly, that's the way to go. Gotta love those DNSSEC shenanigans, am I right? *chuckles*
upvoted 0 times
...
Doug
7 months ago
Aha, yes! Option C makes the most sense to me. The security engineer needs to create a DS record in the parent hosted zone to establish the trust chain. Brilliant!
upvoted 0 times
...

Save Cancel