Which attack can be mitigated using DNSSEC (Domain Name System Security Extensions)?

DNSSEC is specifically designed to prevent DNS spoofing, also known as cache poisoning, where an attacker injects malicious data into a DNS resolver’s cache, redirecting users to fraudulent websites. DNSSEC works by using digital signatures and public-key cryptography to verify the authenticity of DNS responses. This ensures that users always receive accurate and untampered domain-to-IP mappings. For instance, if a user attempts to access "example.com," DNSSEC validates the response from the authoritative DNS server, blocking any malicious attempts to redirect the user to a phishing site. Why Other Options Are Incorrect:

• A) DNSSEC does not prevent DDoS attacks, which require traffic mitigation strategies like rate limiting or load balancing.
• B) While DNSSEC ensures DNS response integrity, it does not provide end-to-end encryption to thwart MITM attacks entirely.
• D) SQL Injection is a database vulnerability unrelated to DNS, requiring secure query practices to mitigate.
• E) Phishing attacks exploit human behavior rather than technical vulnerabilities like DNS spoofing.