312-50V11 · Question #922
Scenario: Joe turns on his home computer to access personal online banking. When he enters as if he has never visited the site before. When he examines the website URL closer, he finds that the site i
The correct answer is D. DNS hijacking. DNS hijacking alters DNS resolution to redirect users to fraudulent servers, causing familiar sites to appear foreign with different URLs and no valid HTTPS certificate.
Question
Scenario: Joe turns on his home computer to access personal online banking. When he enters as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different. What type of attack he is experiencing?.
Options
- ADos attack
- BDHCP spoofing
- CARP cache poisoning
- DDNS hijacking
How the community answered
(25 responses)- B4% (1)
- C4% (1)
- D92% (23)
Why each option
DNS hijacking alters DNS resolution to redirect users to fraudulent servers, causing familiar sites to appear foreign with different URLs and no valid HTTPS certificate.
A DoS attack overwhelms a service with traffic to make it unavailable entirely, which would prevent Joe from loading the site at all rather than silently redirecting him to a lookalike page.
DHCP spoofing provides falsified network configuration such as a rogue gateway or DNS server to clients, which is a delivery mechanism that could enable redirection but does not itself alter DNS responses or produce a visibly different website URL.
ARP cache poisoning redirects Layer 2 traffic by mapping a legitimate IP to an attacker's MAC address on the local network, but it does not modify DNS records or cause the website URL itself to appear different to the victim.
DNS hijacking occurs when an attacker corrupts or intercepts DNS query responses to redirect the victim's browser to a malicious server instead of the legitimate one. This explains why Joe's banking site behaves as if never visited before - the fraudulent server holds no prior session cookies or saved credentials - and why the URL appears different and the connection is flagged as insecure due to a mismatched or missing TLS certificate.
Concept tested: DNS hijacking attack identification and symptoms
Source: https://www.cisa.gov/news-events/alerts/2019/01/16/dns-infrastructure-tampering
Topics
Community Discussion
No community discussion yet for this question.