nerdexam
EC-Council

312-50V11 · Question #922

Scenario: Joe turns on his home computer to access personal online banking. When he enters as if he has never visited the site before. When he examines the website URL closer, he finds that the site i

The correct answer is D. DNS hijacking. DNS hijacking alters DNS resolution to redirect users to fraudulent servers, causing familiar sites to appear foreign with different URLs and no valid HTTPS certificate.

Session Hijacking

Question

Scenario: Joe turns on his home computer to access personal online banking. When he enters as if he has never visited the site before. When he examines the website URL closer, he finds that the site is not secure and the web address appears different. What type of attack he is experiencing?.

Options

  • ADos attack
  • BDHCP spoofing
  • CARP cache poisoning
  • DDNS hijacking

How the community answered

(25 responses)
  • B
    4% (1)
  • C
    4% (1)
  • D
    92% (23)

Why each option

DNS hijacking alters DNS resolution to redirect users to fraudulent servers, causing familiar sites to appear foreign with different URLs and no valid HTTPS certificate.

ADos attack

A DoS attack overwhelms a service with traffic to make it unavailable entirely, which would prevent Joe from loading the site at all rather than silently redirecting him to a lookalike page.

BDHCP spoofing

DHCP spoofing provides falsified network configuration such as a rogue gateway or DNS server to clients, which is a delivery mechanism that could enable redirection but does not itself alter DNS responses or produce a visibly different website URL.

CARP cache poisoning

ARP cache poisoning redirects Layer 2 traffic by mapping a legitimate IP to an attacker's MAC address on the local network, but it does not modify DNS records or cause the website URL itself to appear different to the victim.

DDNS hijackingCorrect

DNS hijacking occurs when an attacker corrupts or intercepts DNS query responses to redirect the victim's browser to a malicious server instead of the legitimate one. This explains why Joe's banking site behaves as if never visited before - the fraudulent server holds no prior session cookies or saved credentials - and why the URL appears different and the connection is flagged as insecure due to a mismatched or missing TLS certificate.

Concept tested: DNS hijacking attack identification and symptoms

Source: https://www.cisa.gov/news-events/alerts/2019/01/16/dns-infrastructure-tampering

Topics

#DNS hijacking#URL spoofing#web spoofing#network redirection

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice