nerdexam

SK0-005 · Question #294

SK0-005 Question #294: Real Exam Question with Answer & Explanation

The correct answer is D: Sniffer. A packet sniffer captures the DNS lookups and connections the client actually makes, so it shows where the requests for the anti-malware site are being sent and at which point they are diverted.

Security and disaster recovery

Question

A junior administrator reported that the website used for anti-malware updates is not working. The senior administrator then discovered all requests to the anti-malware site are being redirected to a malicious site. Which of the following tools should the senior administrator check FIRST to identify the potential cause of the issue?

Options

  • A. Data loss prevention
  • B. File integrity monitor
  • C. Port scanner
  • D. Sniffer

Explanation

A sniffer (packet analyzer such as Wireshark or tcpdump) is the tool to check first because it records the traffic as it actually happens and shows where the redirection occurs. A capture taken on the affected host, or on a mirror/SPAN port, distinguishes the likely causes: the DNS answer for the anti-malware host contains the wrong address (a poisoned cache or a rogue resolver), no DNS query is sent at all and the host connects straight to the wrong address (an altered hosts file or local resolver cache), or the name resolves correctly and the redirect is issued at the HTTP level (a compromised proxy, router or web server). That evidence tells the senior administrator which component to examine next, whereas the other tools either do not observe the traffic or cover only one of those causes.

Common mistakes.

  • A. Data Loss Prevention (DLP) tools are designed to stop sensitive data from leaving the organization's network; they do not show where outbound requests are being sent, so they cannot diagnose a redirection.
  • B. A File Integrity Monitor (FIM) tracks changes to critical system files and configurations. It could detect a modified hosts file, but only that one cause; a sniffer reveals the redirection itself regardless of its root cause (DNS server compromise, router compromise, hosts file, proxy), and FIM is the natural follow-up once the capture points at the local host.
  • C. A port scanner enumerates open ports and listening services on a host or network device; it says nothing about where the client's requests are going.
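The triage the explanation describes, as an added example that is not part of the original page: it parses the A records out of a DNS response (the packet a sniffer would show) and then classifies a capture as a DNS-level, local-resolution or HTTP-level redirect. The capture events, the update host name and the expected address are all constructed placeholders (RFC 5737 documentation addresses); the event dictionary shape is an assumption, standing in for what tcpdump or tshark would emit.

```python
"""Triage where requests to an update host are being redirected, from captured
traffic. Added example: events are constructed, host/IPs are placeholders."""
import struct

UPDATE_HOST = "updates.example-av.test"   # placeholder for the real anti-malware host
EXPECTED_IPS = {"203.0.113.10"}           # placeholder: answer the authoritative DNS should give


def encode_name(name):
    """Encode a domain name in DNS wire format (length-prefixed labels)."""
    return b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in name.split(".")) + b"\x00"


def build_dns_response(qname, answer_ip, txid=0x1234):
    """Construct a minimal DNS response with one A record (stands in for a sniffed packet)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # flags: QR=1, RD, RA
    question = encode_name(qname) + struct.pack("!HH", 1, 1)     # QTYPE A, QCLASS IN
    rdata = bytes(int(octet) for octet in answer_ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata  # name = pointer to offset 12
    return header + question + answer


def read_name(pkt, off, max_hops=16):
    """Read a (possibly compressed) name; return (name, offset just after the name field)."""
    labels, end, hops = [], None, 0
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                     # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2
            hops += 1
            if hops > max_hops:
                raise ValueError("DNS name pointer loop")
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end if end is not None else off


def parse_dns_a_records(pkt):
    """Return (queried name, [A-record IPs]) from a DNS response packet."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response")
    off, qname = 12, None
    for _ in range(qdcount):
        name, off = read_name(pkt, off)
        off += 4                                      # skip QTYPE, QCLASS
        qname = qname or name
    ips = []
    for _ in range(ancount):
        _name, off = read_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata, off = pkt[off:off + rdlen], off + rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(".".join(str(b) for b in rdata))
    return qname, ips


def classify_capture(events, host=UPDATE_HOST, expected_ips=EXPECTED_IPS):
    """Decide from capture events where the redirect happens. Assumed event shape:
    {"kind": "dns", "payload": bytes}, {"kind": "tcp", "dst": ip},
    {"kind": "http", "status": int, "location": str}."""
    dns_answers = []
    for ev in events:
        if ev["kind"] == "dns":
            qname, ips = parse_dns_a_records(ev["payload"])
            if qname.lower() == host.lower():
                dns_answers.extend(ips)
    connects = [ev["dst"] for ev in events if ev["kind"] == "tcp"]
    redirects = [ev for ev in events if ev["kind"] == "http" and 300 <= ev["status"] < 400]
    if dns_answers and not set(dns_answers) <= expected_ips:
        return "dns_redirect"        # wrong answer on the wire: poisoned cache or rogue resolver
    if not dns_answers and any(ip not in expected_ips for ip in connects):
        return "local_resolution"    # no lookup seen, wrong peer: hosts file / local cache (confirm with FIM)
    if redirects:
        return "http_redirect"       # name and peer correct, redirect issued in HTTP: proxy/router/server
    return "no_redirect_observed"


# Constructed captures for the three cases (sample data, not real traffic).
def sample_poisoned():
    return [{"kind": "dns", "payload": build_dns_response(UPDATE_HOST, "198.51.100.7")},
            {"kind": "tcp", "dst": "198.51.100.7"}]

def sample_hosts_file():
    return [{"kind": "tcp", "dst": "198.51.100.7"}]

def sample_http_redirect():
    return [{"kind": "dns", "payload": build_dns_response(UPDATE_HOST, "203.0.113.10")},
            {"kind": "tcp", "dst": "203.0.113.10"},
            {"kind": "http", "status": 302, "location": "http://198.51.100.7/update.exe"}]


if __name__ == "__main__":
    for label, sample in [("poisoned DNS", sample_poisoned()), ("hosts file", sample_hosts_file()),
                          ("HTTP redirect", sample_http_redirect())]:
        print(f"{label:14s} -> {classify_capture(sample)}")
```

The "local_resolution" verdict only holds when the capture was taken on the affected host itself: a sniffer on a mirror port elsewhere in the network may simply not see the DNS query, which is the same absence of evidence. That is also why the hosts file case is the one where FIM becomes the natural second check.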

Concept tested. Network troubleshooting tools - Sniffer

Reference. https://www.cisco.com/c/en/us/about/press/internet-protocol-journal/back-issues/vol-13-no-2/ipj-v13-n2-packet-sniffers.html

Topics

#Network Troubleshooting#Security Tools#Packet Analysis#Malware Redirection

