Zone Transfer — CompTIA PenTest+ (PT0-002) Practice Questions
A DNS zone transfer is a mechanism originally designed to replicate DNS records from a primary name server to a secondary one. When a server is misconfigured to allow arbitrary clients to request a transfer, the entire DNS zone (all hostnames, IP addresses, and record types) can be downloaded in one query. The PT0-002 exam tests this as a classic misconfiguration finding that demonstrates poor DNS security hygiene. A successful zone transfer gives a penetration tester an immediate and comprehensive inventory of all hosts in a domain, dramatically narrowing the scope of further reconnaissance. Candidates should know the conditions that enable a zone transfer, which tools perform it, and how organizations should restrict it.
Free questions on zone transfer
Which tool is commonly used for DNS reconnaissance and zone transfers?
More zone transfer questions in the full bank
- What does a DNS zone transfer reveal?