nerdexam
Cisco

210-255 · Question #83

Which of the following can be identified by correlating DNS intelligence and other security events? (Choose two.)

The correct answer is A. Communication to CnC servers C. Malicious domains based on reputation. Correlating DNS query data with threat intelligence allows security teams to detect beaconing to command-and-control servers and identify malicious domains through reputation scoring.

Security Monitoring

Question

Which of the following can be identified by correlating DNS intelligence and other security events? (Choose two.)

Options

  • ACommunication to CnC servers
  • BConfiguration issues
  • CMalicious domains based on reputation
  • DRouting problems

How the community answered

(50 responses)
  • A
    80% (40)
  • B
    14% (7)
  • D
    6% (3)

Why each option

Correlating DNS query data with threat intelligence allows security teams to detect beaconing to command-and-control servers and identify malicious domains through reputation scoring.

ACommunication to CnC serversCorrect

Malware communicating with command-and-control (CnC) infrastructure relies on DNS to resolve the C2 server's hostname. By correlating DNS query logs with threat feeds and behavioral patterns such as beaconing intervals or DGA domain patterns, analysts can identify compromised hosts reaching out to CnC servers.

BConfiguration issues

Configuration issues such as misconfigured servers or access control problems are not typically surfaced through DNS intelligence correlation - they require configuration audits and vulnerability scans.

CMalicious domains based on reputationCorrect

DNS reputation services maintain databases of known malicious, phishing, or botnet-associated domains. By comparing DNS queries against these reputation feeds, security tools can flag or block resolutions to malicious domains before a full connection is established.

DRouting problems

Routing problems involve BGP, OSPF, or other Layer 3 routing protocols and are diagnosed through network monitoring tools, not DNS intelligence.

Concept tested: DNS intelligence correlation for threat detection

Source: https://learn.microsoft.com/en-us/azure/sentinel/dns-domain-generation-algorithm

Topics

#DNS intelligence#C2 detection#threat correlation#domain reputation

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice