350-701 · Question #480
Which direction do attackers encode data in DNS requests during exfiltration using DNS tunneling?
The correct answer is D. outbound. During DNS tunneling for data exfiltration, attackers encode data in DNS requests that are sent in an outbound direction from the compromised network.
Question
Which direction do attackers encode data in DNS requests during exfiltration using DNS tunneling?
Options
- Ainbound
- Bnorth-south
- Ceast-west
- Doutbound
How the community answered
(30 responses)- A7% (2)
- B3% (1)
- C3% (1)
- D87% (26)
Why each option
During DNS tunneling for data exfiltration, attackers encode data in DNS requests that are sent in an outbound direction from the compromised network.
Inbound refers to data coming into the network, whereas exfiltration is about data leaving the network.
North-south traffic typically refers to client-server communication between the internal network and the internet, which while DNS requests are, the term 'outbound' more precisely describes the exfiltration direction relative to the internal network perimeter.
East-west traffic refers to communication between devices *within* the same network or data center, which is not the direction for data exfiltration to an external attacker.
In DNS tunneling for data exfiltration, attackers encode stolen data within legitimate-looking DNS queries, which are then sent from the compromised internal network to an attacker-controlled external DNS server, making the data flow in an outbound direction.
Concept tested: DNS tunneling (data exfiltration direction)
Source: https://www.cisco.com/c/en/us/products/security/dns-security/what-is-dns-tunneling.html
Topics
Community Discussion
No community discussion yet for this question.