Conquer the 2025 CISSP Challenge – Master Your InfoSec Skills with Confidence!

DNSSEC, or Domain Name System Security Extensions, is designed to enhance the security of the DNS (Domain Name System) by providing a mechanism to ensure that DNS responses are authentic and have not been altered during transmission. This is achieved through the use of digital signatures applied to DNS data. When a DNS resolver queries a DNS server and receives a response for a domain, it can verify that this response is legitimate and has not been tampered with by checking the associated signatures.

The integrity aspect means that the data received is exactly what the DNS authoritative server intended to send, ensuring that adversaries cannot inject malicious information into the DNS responses. The authentication aspect guarantees that the response comes from a valid source, as only the authorized server can sign the responses with a valid key.

While options like redundancy and high availability relate to system design for resilience, and encryption focuses on protecting confidentiality, these concepts are not the core functions of DNSSEC. Similarly, compression of DNS queries does not pertain directly to the authentication and integrity that DNSSEC provides. Thus, the correct answer accurately captures the primary purpose of DNSSEC in safeguarding DNS responses against various types of attacks, such as cache poisoning and spoofing.