350-701 · Question #201
How does DNS Tunneling exfiltrate data?
The correct answer is A. An attacker registers a domain that a client connects to based on DNS records and sends. DNS tunneling exfiltrates data by encoding it into DNS queries and responses for a malicious domain controlled by an attacker's authoritative DNS server.
Question
How does DNS Tunneling exfiltrate data?
Exhibit
Options
- AAn attacker registers a domain that a client connects to based on DNS records and sends
- BAn attacker opens a reverse DNS shell to get into the client's system and install malware on it.
- CAn attacker uses a non-standard DNS port to gain access to the organization's DNS servers in
- DAn attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a
How the community answered
(52 responses)- A88% (46)
- B6% (3)
- C4% (2)
- D2% (1)
Why each option
DNS tunneling exfiltrates data by encoding it into DNS queries and responses for a malicious domain controlled by an attacker's authoritative DNS server.
DNS tunneling exfiltrates data by encoding arbitrary information, such as credit card numbers, within legitimate-looking DNS queries and responses. An infected client sends DNS requests for subdomains of a malicious domain, and the attacker's authoritative DNS server receives and decodes this embedded data.
DNS tunneling typically involves encoding data in standard DNS traffic, not by opening a 'reverse DNS shell' to install malware directly.
DNS tunneling specifically leverages the standard DNS ports and protocols (UDP/53, TCP/53) to blend in with normal network traffic, rather than relying on non-standard DNS ports to gain access.
Sending emails with hidden DNS resolvers describes a form of redirection or phishing attack, which is distinct from the technical mechanism of encoding and exfiltrating data through the DNS protocol itself.
Concept tested: DNS tunneling data exfiltration mechanism
Source: https://learn.microsoft.com/en-us/azure/architecture/guide/network/secure-dns-traffic#dns-tunneling-attacks
Topics
Community Discussion
No community discussion yet for this question.
