210-255 · Question #83
Which of the following can be identified by correlating DNS intelligence and other security events? (Choose two.)
The correct answer is A. Communication to CnC servers C. Malicious domains based on reputation. Correlating DNS query data with threat intelligence allows security teams to detect beaconing to command-and-control servers and identify malicious domains through reputation scoring.
Question
Which of the following can be identified by correlating DNS intelligence and other security events? (Choose two.)
Options
- ACommunication to CnC servers
- BConfiguration issues
- CMalicious domains based on reputation
- DRouting problems
How the community answered
(50 responses)- A80% (40)
- B14% (7)
- D6% (3)
Why each option
Correlating DNS query data with threat intelligence allows security teams to detect beaconing to command-and-control servers and identify malicious domains through reputation scoring.
Malware communicating with command-and-control (CnC) infrastructure relies on DNS to resolve the C2 server's hostname. By correlating DNS query logs with threat feeds and behavioral patterns such as beaconing intervals or DGA domain patterns, analysts can identify compromised hosts reaching out to CnC servers.
Configuration issues such as misconfigured servers or access control problems are not typically surfaced through DNS intelligence correlation - they require configuration audits and vulnerability scans.
DNS reputation services maintain databases of known malicious, phishing, or botnet-associated domains. By comparing DNS queries against these reputation feeds, security tools can flag or block resolutions to malicious domains before a full connection is established.
Routing problems involve BGP, OSPF, or other Layer 3 routing protocols and are diagnosed through network monitoring tools, not DNS intelligence.
Concept tested: DNS intelligence correlation for threat detection
Source: https://learn.microsoft.com/en-us/azure/sentinel/dns-domain-generation-algorithm
Topics
Community Discussion
No community discussion yet for this question.