Cisco
210-255 · Question #83
210-255 Question #83: Real Exam Question with Answer & Explanation
The correct answer is A: Communication to CnC servers. Correlating DNS query data with threat intelligence allows security teams to detect beaconing to command-and-control servers and identify malicious domains through reputation scoring.
Question
Which of the following can be identified by correlating DNS intelligence and other security events? (Choose two.)
Options
- A. Communication to CnC servers
- B. Configuration issues
- C. Malicious domains based on reputation
- D. Routing problems
Explanation
Correlating DNS query data with threat intelligence allows security teams to detect beaconing to command-and-control servers and identify malicious domains through reputation scoring.
Common mistakes.
- B. Configuration issues such as misconfigured servers or access control problems are not typically surfaced through DNS intelligence correlation; they require configuration audits and vulnerability scans.
- D. Routing problems involve BGP, OSPF, or other Layer 3 routing protocols and are diagnosed through network monitoring tools, not DNS intelligence.
Concept tested. DNS intelligence correlation for threat detection
Reference. https://learn.microsoft.com/en-us/azure/sentinel/dns-domain-generation-algorithm