SY0-501 Question #206: Real Exam Question with Answer & Explanation

Question

A security analyst is testing both Windows and Linux systems for unauthorized DNS zone transfers within a LAN on comptia.org from example.org. Which of the following commands should the security analyst use? (Select two.)

Options

• Anslookup
• Bnslookup
• Cdig -axfr [email protected]
• Dipconfig/flushDNS
• Eifconfig eth0 down
• F[email protected] comptia.org

Explanation

DNS zone transfer testing requires specific tools that can query authoritative DNS servers for complete zone data. Both nslookup (cross-platform) and dig (Linux) support zone transfer requests using AXFR query type.

Common mistakes.

• B. Although nslookup appears twice in the choices, choice B is a duplicate and is not independently distinct from choice A; only one instance of nslookup is needed as the correct cross-platform tool.
• D. ipconfig /flushdns is a Windows command that clears the local DNS resolver cache and has no capability to test or perform DNS zone transfers on a remote server.
• E. ifconfig eth0 down is a Linux command that disables a network interface entirely, which is a network configuration action and is completely unrelated to DNS zone transfer testing.
• F. While 'dig @example.org comptia.org' queries the example.org DNS server for A records of comptia.org, it does not request an AXFR zone transfer; the missing '-axfr' flag means it performs a standard lookup rather than a zone transfer test.

Concept tested. DNS zone transfer testing using nslookup and dig AXFR

Reference. https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/nslookup

No community discussion yet for this question.