nerdexam
(ISC)2

CISSP · Question #604

Why would a security architect specify that a default route pointing to a sinkhole be injected into internal networks?

The correct answer is B. To detect the traffic destined to non-existent network destinations. A sinkhole route (also called a null route or blackhole route) is a default route injected into a network that directs traffic destined for unknown or non-existent destinations to a sinkhole server for analysis and detection.

Submitted by yuriko_h· Mar 5, 2026Communication and Network Security

Question

Why would a security architect specify that a default route pointing to a sinkhole be injected into internal networks?

Options

  • ATo have firewalls route all network traffic
  • BTo detect the traffic destined to non-existent network destinations
  • CTo exercise authority over the network department
  • DTo re-inject the route into external networks

How the community answered

(16 responses)
  • A
    6% (1)
  • B
    75% (12)
  • C
    6% (1)
  • D
    13% (2)

Why each option

A sinkhole route (also called a null route or blackhole route) is a default route injected into a network that directs traffic destined for unknown or non-existent destinations to a sinkhole server for analysis and detection.

ATo have firewalls route all network traffic

A sinkhole route is not a firewall routing mechanism; it is specifically a security monitoring technique that redirects unroutable traffic to a controlled destination for analysis, not to firewalls for policy enforcement.

BTo detect the traffic destined to non-existent network destinationsCorrect

A sinkhole default route captures traffic that would otherwise be dropped or go undetected by redirecting it to a monitored destination. This technique is used by security architects to detect malware C2 communications, misconfigurations, or traffic attempting to reach non-existent IP space, as infected hosts often generate traffic to destinations not present in legitimate routing tables. The sinkhole logs and analyzes this traffic, providing visibility into potentially malicious activity within the internal network.

CTo exercise authority over the network department

Injecting routes for organizational authority has no technical basis in network security architecture; route injection decisions are driven by security and operational requirements, not departmental control.

DTo re-inject the route into external networks

Sinkhole routes are an internal security monitoring construct and are not intended to be redistributed or re-injected into external routing tables, which would cause significant routing instability and security risks.

Concept tested: DNS/IP sinkholing for malicious traffic detection

Source: https://www.cisco.com/c/en/us/about/security-center/intelligent-cybersecurity.html

Topics

#network architecture#sinkhole#traffic filtering#malware prevention

Community Discussion

No community discussion yet for this question.

Full CISSP Practice