Which attack can be mitigated using DNSSEC (Domain Name

Solution

DNSSEC is specifically designed to prevent DNS spoofing, also known as cache poisoning, where an attacker injects malicious data into a DNS resolver’s cache, redirecting users to fraudulent websites. DNSSEC works by using digital signatures and public-key cryptography to verify the authenticity of DNS responses. This ensures that users always receive accurate and untampered domain-to-IP mappings. For instance, if a user attempts to access "example.com," DNSSEC validates the response from the authoritative DNS server, blocking any malicious attempts to redirect the user to a phishing site. Why Other Options Are Incorrect:

• A) DNSSEC does not prevent DDoS attacks, which require traffic mitigation strategies like rate limiting or load balancing.
• B) While DNSSEC ensures DNS response integrity, it does not provide end-to-end encryption to thwart MITM attacks entirely.
• D) SQL Injection is a database vulnerability unrelated to DNS, requiring secure query practices to mitigate.
• E) Phishing attacks exploit human behavior rather than technical vulnerabilities like DNS spoofing.