200-201 Question #345: Real Exam Question with Answer & Explanation
The correct answer is B: possible DNS tunneling with encrypted communication through CNAMEs.
Question
Refer to the exhibit. What is occurring?
Options
- A. possible DNS amplification attack with requests that maximize data quantity
- B. possible DNS tunneling with encrypted communication through CNAMEs
- C. possible DNS cache poisoning with misdirects toward a fraudulent website
- D. possible botnet traffic with random MX querying to generate increased traffic
Explanation
The exhibit is not reproduced here, but the traffic it shows is consistent with DNS tunneling: a technique in which attackers smuggle data by encoding it within DNS queries and responses, frequently leveraging CNAME records to carry the encoded payload.
Common mistakes
- A. DNS amplification attacks involve sending small spoofed requests to DNS servers to generate large responses directed at a victim, focusing on volume, not data exfiltration via specific record types.
- C. DNS cache poisoning involves injecting forged DNS records into a resolver's cache to redirect users to malicious websites, which is different from data exfiltration through DNS.
- D. Botnet traffic might involve various DNS queries, but random MX querying to generate increased traffic doesn't specifically describe DNS tunneling for data exfiltration.
Concept tested: DNS tunneling attack identification
Reference: https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-monitor-overview