Cisco
350-201 Question #131: Real Exam Question with Answer & Explanation
The correct answer is D: Domain Name System poisoning. DNS poisoning corrupts resolver cache records to redirect users from a legitimate domain to a malicious IP address, matching the described behavior exactly.
Network Intrusion Analysis
Question
An engineer received multiple reports from users trying to access a company website and instead of landing on the website, they are redirected to a malicious website that asks them to fill in sensitive personal data. Which type of attack is occurring?
Options
- A. Address Resolution Protocol poisoning
- B. session hijacking attack
- C. teardrop attack
- D. Domain Name System poisoning
Explanation
DNS poisoning corrupts resolver cache records to redirect users from a legitimate domain to a malicious IP address, matching the described behavior exactly.
Common mistakes.
- A. ARP poisoning operates at Layer 2 by mapping the attacker's MAC address to a legitimate IP within the same broadcast domain, affecting local LAN traffic routing rather than domain name resolution.
- B. Session hijacking steals or forges an authenticated session token after a user has already logged in successfully, and does not redirect unauthenticated users to a different domain.
- C. A teardrop attack is a denial-of-service technique that sends malformed overlapping IP fragments to crash the target system's TCP/IP stack, and has no mechanism for redirecting web traffic.
Concept tested. DNS cache poisoning redirect attack identification
Reference. https://www.cisa.gov/news-events/alerts/2019/01/16/dns-infrastructure-tampering
Topics
#DNS poisoning #DNS spoofing #redirect attack #web security