GCIH · Question #730
Which attack technique does the enabled setting in the screenshot mitigate?
The correct answer is A. LLMNR Poisoning. Disabling LLMNR via Group Policy prevents attackers from responding to broadcast name resolution queries to capture NTLMv2 credential hashes.
Question
Which attack technique does the enabled setting in the screenshot mitigate?
Exhibit
Options
- ALLMNR Poisoning
- BKeylogging
- CDHCP Spoofing
- DNetwork Sniffing
How the community answered
(13 responses)- A92% (12)
- D8% (1)
Why each option
Disabling LLMNR via Group Policy prevents attackers from responding to broadcast name resolution queries to capture NTLMv2 credential hashes.
LLMNR is a protocol that broadcasts name resolution requests on the local network segment when DNS fails, and attackers use tools like Responder to spoof answers and capture NTLMv2 hashes from the requesting host. Disabling LLMNR via Group Policy under Computer Configuration - Administrative Templates - Network - DNS Client - Turn off multicast name resolution eliminates this broadcast attack surface entirely. This is a standard hardening control specifically recommended to prevent LLMNR poisoning.
Keylogging is a local endpoint attack capturing keystrokes and is not mitigated by disabling network name resolution protocols.
DHCP spoofing involves rogue DHCP servers and is mitigated by DHCP snooping on network switches, not by disabling LLMNR.
Network sniffing is a passive eavesdropping technique mitigated by encryption, not by changes to name resolution settings.
Concept tested: Disabling LLMNR Group Policy to prevent credential poisoning
Source: https://learn.microsoft.com/en-us/windows-server/networking/dns/dnsserver/dns-client
Topics
Community Discussion
No community discussion yet for this question.
