350-701 Question #735: Real Exam Question with Answer & Explanation
The correct answer is C. inspecting the DNS traffic.
Question
Options
- A. blocking UDP port 53
- B. blocking TCP port 53
- C. inspecting the DNS traffic
- D. encrypting the DNS communication
Explanation
Cisco Secure Firewall helps mitigate data exfiltration risks by inspecting DNS traffic for anomalies or unauthorized data tunneling. Many advanced persistent threats use DNS tunneling to covertly steal sensitive information from an organization's network.
Common mistakes.
- A. Blocking UDP port 53 would prevent legitimate DNS resolution for most internet communications, disrupting normal network operations rather than specifically targeting data exfiltration within DNS. This is too broad and disruptive.
- B. Blocking TCP port 53 would prevent legitimate DNS zone transfers and might affect some specific DNS services, but it is not a primary mechanism to detect and stop data exfiltration embedded within standard DNS queries and responses.
- D. Encrypting DNS communication, such as DNS over HTTPS (DoH) or DNS over TLS (DoT), makes it difficult for a firewall to inspect the DNS payload for malicious content, thereby hindering the detection of DNS-based exfiltration rather than lowering its risk through inspection.
Concept tested. DNS tunneling exfiltration detection
Reference. https://www.cisco.com/c/en/us/products/security/dns-security/what-is-dns-tunneling.html