312-50V13 · Question #97
Joseph was the Web site administrator for the Mason Insurance in New York, who's main Web the Web site. One night, Joseph received an urgent phone call from his friend, Smith. According to Smith, the
The correct answer is C. DNS poisoning. The scenario describes an external user seeing a defaced website while an internal user sees the legitimate site, strongly indicating DNS poisoning where external DNS servers were compromised to redirect requests.
Question
Options
- AARP spoofing
- BSQL injection
- CDNS poisoning
- DRouting table injection
How the community answered
(18 responses)- B11% (2)
- C83% (15)
- D6% (1)
Why each option
The scenario describes an external user seeing a defaced website while an internal user sees the legitimate site, strongly indicating DNS poisoning where external DNS servers were compromised to redirect requests.
ARP spoofing is a local network attack where an attacker links their MAC address with the IP address of a legitimate computer or router, typically affecting devices on the same subnet, not external internet users.
SQL injection targets databases through vulnerabilities in web application input fields, leading to data manipulation or extraction, but it wouldn't cause different content to be displayed based on whether the user is internal or external without the underlying web server being compromised.
DNS poisoning occurs when an attacker redirects legitimate traffic to a malicious server by corrupting DNS resolver caches or authoritative DNS servers. In this scenario, external users see the defaced site because their DNS queries resolve to the attacker's server, while internal users, likely using internal DNS that remains uncompromised, see the correct website.
Routing table injection involves manipulating routing protocols to redirect network traffic, which would affect all users reaching the server via the compromised route, not selectively external users while internal users remain unaffected.
Concept tested: DNS poisoning attack characteristics
Source: https://learn.microsoft.com/en-us/windows-server/networking/dns/deploy/dns-security-overview
Topics
Community Discussion
No community discussion yet for this question.