350-701 · Question #349
How is data sent out to the attacker during a DNS tunneling attack?
The correct answer is B. as part of the domain name. In DNS tunneling, data is encoded within the subdomain portion of a DNS query (e.g., c3RvbGVuZGF0YQ==.evil.com), allowing it to bypass firewalls that permit DNS traffic - this is option B. Why the distractors are wrong: A is misleading: DNS queries travel over UDP/53, but the exf
Question
How is data sent out to the attacker during a DNS tunneling attack?
Options
- Aas part of the UDP/53 packet payload
- Bas part of the domain name
- Cas part of the TCP/53 packet header
- Das part of the DNS response packet
How the community answered
(45 responses)- A7% (3)
- B89% (40)
- C2% (1)
- D2% (1)
Explanation
In DNS tunneling, data is encoded within the subdomain portion of a DNS query (e.g., c3RvbGVuZGF0YQ==.evil.com), allowing it to bypass firewalls that permit DNS traffic - this is option B.
Why the distractors are wrong:
- A is misleading: DNS queries travel over UDP/53, but the exfiltrated data isn't in the raw UDP payload as freeform data - it's embedded in the DNS query structure itself (the domain name field), not a separate payload blob.
- C is doubly wrong: DNS typically uses UDP (not TCP) for standard queries, and data exfil doesn't ride in a packet header.
- D is backwards: DNS responses return data to the client. For exfiltration (sending data out to the attacker), the client encodes data in its outbound query, not in a response.
Memory tip: Think of DNS tunneling as "smuggling in the address" - just like hiding a note inside an envelope's return address field rather than the letter inside. The domain name is the data.
Topics
Community Discussion
No community discussion yet for this question.