nerdexam
Cisco

350-701 · Question #349

How is data sent out to the attacker during a DNS tunneling attack?

The correct answer is B. as part of the domain name. In DNS tunneling, data is encoded within the subdomain portion of a DNS query (e.g., c3RvbGVuZGF0YQ==.evil.com), allowing it to bypass firewalls that permit DNS traffic - this is option B. Why the distractors are wrong: A is misleading: DNS queries travel over UDP/53, but the exf

Submitted by devops_kid· Mar 30, 2026Network Security

Question

How is data sent out to the attacker during a DNS tunneling attack?

Options

  • Aas part of the UDP/53 packet payload
  • Bas part of the domain name
  • Cas part of the TCP/53 packet header
  • Das part of the DNS response packet

How the community answered

(45 responses)
  • A
    7% (3)
  • B
    89% (40)
  • C
    2% (1)
  • D
    2% (1)

Explanation

In DNS tunneling, data is encoded within the subdomain portion of a DNS query (e.g., c3RvbGVuZGF0YQ==.evil.com), allowing it to bypass firewalls that permit DNS traffic - this is option B.

Why the distractors are wrong:

  • A is misleading: DNS queries travel over UDP/53, but the exfiltrated data isn't in the raw UDP payload as freeform data - it's embedded in the DNS query structure itself (the domain name field), not a separate payload blob.
  • C is doubly wrong: DNS typically uses UDP (not TCP) for standard queries, and data exfil doesn't ride in a packet header.
  • D is backwards: DNS responses return data to the client. For exfiltration (sending data out to the attacker), the client encodes data in its outbound query, not in a response.

Memory tip: Think of DNS tunneling as "smuggling in the address" - just like hiding a note inside an envelope's return address field rather than the letter inside. The domain name is the data.

Topics

#DNS tunneling#Data exfiltration#Command and Control (C2)#Network attacks

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice