nerdexam
Cisco

350-701 · Question #201

How does DNS Tunneling exfiltrate data?

The correct answer is A. An attacker registers a domain that a client connects to based on DNS records and sends. DNS tunneling exfiltrates data by encoding it into DNS queries and responses for a malicious domain controlled by an attacker's authoritative DNS server.

Submitted by minji_kr· Mar 30, 2026Network Security

Question

How does DNS Tunneling exfiltrate data?

Exhibit

350-701 question #201 exhibit

Options

  • AAn attacker registers a domain that a client connects to based on DNS records and sends
  • BAn attacker opens a reverse DNS shell to get into the client's system and install malware on it.
  • CAn attacker uses a non-standard DNS port to gain access to the organization's DNS servers in
  • DAn attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a

How the community answered

(52 responses)
  • A
    88% (46)
  • B
    6% (3)
  • C
    4% (2)
  • D
    2% (1)

Why each option

DNS tunneling exfiltrates data by encoding it into DNS queries and responses for a malicious domain controlled by an attacker's authoritative DNS server.

AAn attacker registers a domain that a client connects to based on DNS records and sendsCorrect

DNS tunneling exfiltrates data by encoding arbitrary information, such as credit card numbers, within legitimate-looking DNS queries and responses. An infected client sends DNS requests for subdomains of a malicious domain, and the attacker's authoritative DNS server receives and decodes this embedded data.

BAn attacker opens a reverse DNS shell to get into the client's system and install malware on it.

DNS tunneling typically involves encoding data in standard DNS traffic, not by opening a 'reverse DNS shell' to install malware directly.

CAn attacker uses a non-standard DNS port to gain access to the organization's DNS servers in

DNS tunneling specifically leverages the standard DNS ports and protocols (UDP/53, TCP/53) to blend in with normal network traffic, rather than relying on non-standard DNS ports to gain access.

DAn attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a

Sending emails with hidden DNS resolvers describes a form of redirection or phishing attack, which is distinct from the technical mechanism of encoding and exfiltrating data through the DNS protocol itself.

Concept tested: DNS tunneling data exfiltration mechanism

Source: https://learn.microsoft.com/en-us/azure/architecture/guide/network/secure-dns-traffic#dns-tunneling-attacks

Topics

#DNS Tunneling#Data Exfiltration

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice