312-50V13 · Question #294
Robin, an attacker, is attempting to bypass the firewalls of an organization through the DNS tunneling method in order to exfiltrate data. He is using the NSTX tool for bypassing the firewalls. On whi
The correct answer is A. Port 53. DNS Tunneling with NSTX Port 53 is correct because it is the standard port for DNS (Domain Name System) traffic, and DNS tunneling tools like NSTX encapsulate data within DNS queries and responses to bypass firewalls - firewalls typically allow DNS traffic on Port 53 to pass free
Question
Options
- APort 53
- BPort 23
- CPort 50
- DPort 80
How the community answered
(42 responses)- A88% (37)
- B2% (1)
- C2% (1)
- D7% (3)
Explanation
DNS Tunneling with NSTX
Port 53 is correct because it is the standard port for DNS (Domain Name System) traffic, and DNS tunneling tools like NSTX encapsulate data within DNS queries and responses to bypass firewalls - firewalls typically allow DNS traffic on Port 53 to pass freely, making it an ideal covert channel for data exfiltration. Port 23 is associated with Telnet, Port 80 is used for HTTP web traffic, and Port 50 is linked to the Encapsulating Security Payload (ESP) protocol used in IPSec - none of these are relevant to DNS operations or NSTX functionality.
Memory Tip: Think "DNS = 53" - just remember that DNS tunneling hides inside normal DNS traffic, so it must run on the DNS port (53) to blend in and avoid detection. If you remember that DNS always uses Port 53, you'll always get DNS-related tool questions correct on the exam.
Topics
Community Discussion
No community discussion yet for this question.