nerdexam
EC-Council

312-50V10 · Question #608

A company has publicly hosted web applications and an internal Intranet protected by a firewall. Which technique will help protect against enumeration?

The correct answer is C. Remove A records for internal hosts.. Removing DNS A records for internal hosts from publicly accessible DNS servers prevents external attackers from discovering and enumerating internal network resources.

Enumeration

Question

A company has publicly hosted web applications and an internal Intranet protected by a firewall. Which technique will help protect against enumeration?

Options

  • AReject all invalid email received via SMTP.
  • BAllow full DNS zone transfers.
  • CRemove A records for internal hosts.
  • DEnable null session pipes.

How the community answered

(25 responses)
  • A
    4% (1)
  • B
    4% (1)
  • C
    84% (21)
  • D
    8% (2)

Why each option

Removing DNS A records for internal hosts from publicly accessible DNS servers prevents external attackers from discovering and enumerating internal network resources.

AReject all invalid email received via SMTP.

Rejecting invalid SMTP email helps reduce spam and spoofing but does not prevent DNS-based enumeration of internal hosts.

BAllow full DNS zone transfers.

Allowing full DNS zone transfers is the opposite of a protective measure - it exposes all DNS records to any requesting party, greatly aiding enumeration.

CRemove A records for internal hosts.Correct

DNS enumeration allows attackers to map internal network topology by querying A records that resolve hostnames to IP addresses. By removing A records for internal hosts from public-facing DNS, those hosts become undiscoverable to external parties. This is a key split-DNS or DNS hygiene practice that limits the information available to an attacker performing reconnaissance against the organization.

DEnable null session pipes.

Enabling null session pipes on Windows allows unauthenticated connections to enumerate shares, users, and groups, which increases attack surface rather than reducing enumeration risk.

Concept tested: DNS A record removal to prevent host enumeration

Source: https://learn.microsoft.com/en-us/windows-server/networking/dns/dns-overview

Topics

#DNS enumeration#A records#internal host protection#zone transfer

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice