nerdexam
EC-Council

312-50V13 · Question #97

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the

The correct answer is C. DNS poisoning. The scenario describes an external user seeing a defaced website while an internal user sees the legitimate site, strongly indicating DNS poisoning where external DNS servers were compromised to redirect requests.

Submitted by stefanr· Mar 6, 2026Sniffing

Question

Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the main Mason Insurance web site had been vandalized! All of its normal content was removed and replaced with an attacker's message ''Hacker Message: You are dead! Freaks!'' From his office, which was directly connected to Mason Insurance's internal network, Joseph surfed to the Web site using his laptop. In his browser, the Web site looked completely intact. After seeing the defaced Web site, he disconnected his dial-up line, reconnected to the internal network, and used Secure Shell (SSH) to log in directly to the Web server. He ran Tripwire against the entire Web site, and determined that every system file and all the Web content on the server were intact. How did the attacker accomplish this hack?

Options

  • AARP spoofing
  • BSQL injection
  • CDNS poisoning
  • DRouting table injection

How the community answered

(18 responses)
  • B
    11% (2)
  • C
    83% (15)
  • D
    6% (1)

Why each option

The scenario describes an external user seeing a defaced website while an internal user sees the legitimate site, strongly indicating DNS poisoning where external DNS servers were compromised to redirect requests.

AARP spoofing

ARP spoofing is a local network attack where an attacker links their MAC address with the IP address of a legitimate computer or router, typically affecting devices on the same subnet, not external internet users.

BSQL injection

SQL injection targets databases through vulnerabilities in web application input fields, leading to data manipulation or extraction, but it wouldn't cause different content to be displayed based on whether the user is internal or external without the underlying web server being compromised.

CDNS poisoningCorrect

DNS poisoning occurs when an attacker redirects legitimate traffic to a malicious server by corrupting DNS resolver caches or authoritative DNS servers. In this scenario, external users see the defaced site because their DNS queries resolve to the attacker's server, while internal users, likely using internal DNS that remains uncompromised, see the correct website.

DRouting table injection

Routing table injection involves manipulating routing protocols to redirect network traffic, which would affect all users reaching the server via the compromised route, not selectively external users while internal users remain unaffected.

Concept tested: DNS poisoning attack characteristics

Source: https://learn.microsoft.com/en-us/windows-server/networking/dns/deploy/dns-security-overview

Topics

#DNS poisoning#website defacement#cache poisoning

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice