CS0-003 Question #250: Real Exam Question with Answer & Explanation
The correct answer is A: DNS exfiltration.
Question
A security analyst has found the following suspicious DNS traffic while analyzing a packet capture:
- DNS traffic while a tunneling session is active.
- The mean time between queries is less than one second.
- The average query length exceeds 100 characters.
Which of the following attacks most likely occurred?
Options
- A. DNS exfiltration
- B. DNS spoofing
- C. DNS zone transfer
- D. DNS poisoning
Explanation
DNS exfiltration is a technique that uses the DNS protocol to transfer data from a compromised network or device to an attacker-controlled server. DNS exfiltration can bypass firewall rules and security products that do not inspect DNS traffic. The characteristics of the suspicious DNS traffic in the question match the indicators of DNS exfiltration:
- DNS traffic while a tunneling session is active: this implies that the DNS protocol is being used to create a covert channel for data transfer.
- The mean time between queries is less than one second: this implies that the DNS queries are being sent at a high frequency to maximize the amount of data transferred.
- The average query length exceeds 100 characters: this implies that the DNS queries are encoding large amounts of data in the subdomains or other fields of the DNS packets.
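As an added example (not part of the original question page), the following script turns the two measurable indicators above into a detection check: it computes, per source host, the mean time between DNS queries and the average query name length, and flags hosts that fall under one second and over 100 characters. The log format, host addresses, domain names and thresholds are all constructed for the example; the "tunneling session active" indicator comes from session context and is not derived from the log here.

```python
from datetime import datetime
from statistics import mean

# Thresholds taken from the indicators in the question.
MAX_MEAN_INTERVAL_S = 1.0   # mean time between queries under one second
MIN_AVG_QUERY_LEN = 100     # average query name longer than 100 characters

def parse_log(text):
    """Parse 'timestamp src qname' lines (constructed format) into tuples."""
    records = []
    for line in text.splitlines():
        ts, src, qname = line.split()
        records.append((datetime.fromisoformat(ts), src, qname))
    return records

def analyze_host(records, src):
    """Mean inter-query interval and mean query length for one source host."""
    rows = sorted((ts, q) for ts, s, q in records if s == src)
    if len(rows) < 2:
        return None  # too few queries to measure an interval
    intervals = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
    mean_interval, avg_len = mean(intervals), mean(len(q) for _, q in rows)
    return {"queries": len(rows), "mean_interval_s": mean_interval,
            "avg_query_len": avg_len,
            "suspicious": mean_interval < MAX_MEAN_INTERVAL_S
                          and avg_len > MIN_AVG_QUERY_LEN}

def find_suspicious_hosts(text):
    """Return the source hosts whose DNS traffic matches both indicators."""
    records = parse_log(text)
    flagged = []
    for src in sorted({s for _, s, _ in records}):
        result = analyze_host(records, src)
        if result and result["suspicious"]:
            flagged.append(src)
    return flagged

# Constructed sample log: 10.0.0.5 browses normally; 10.0.0.9 sends long,
# rapid queries under a placeholder domain (not a real indicator).
def _label(i):
    return ("%02x" % i) * 30  # 60-character hex-looking DNS label

NORMAL = [("2024-05-01T10:00:00.000", "10.0.0.5", "www.example.com"),
          ("2024-05-01T10:00:04.500", "10.0.0.5", "cdn.example.com"),
          ("2024-05-01T10:00:09.000", "10.0.0.5", "mail.example.com")]
EXFIL = [("2024-05-01T10:00:%06.3f" % (i * 0.4), "10.0.0.9",
          "%s.%s.tunnel.example.net" % (_label(i), _label(i + 1)))
         for i in range(10)]
SAMPLE_LOG = "\n".join(" ".join(r) for r in NORMAL + EXFIL)
```

Running `find_suspicious_hosts(SAMPLE_LOG)` flags only 10.0.0.9; in practice the two thresholds are a starting point and should be tuned against the baseline of the network being monitored.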