
SY0-501 Question #380: Real Exam Question with Answer & Explanation

The correct answer is D: 192.168.102.67 is a backup mail server that may be more vulnerable to attack.

Submitted by saadiq_pk · Mar 4, 2026

Question

A penetration tester is conducting an assessment on Comptia.org and runs the following command from a coffee shop while connected to the public Internet:

    c:\nslookup -querytype=MX comptia.org
    Server: Unknown
    Address: 198.51.100.45
    comptia.org MX preference=10, mail exchanger = 92.68.102.33
    comptia.org MX preference=20, mail exchanger = exchg1.comptia.org
    exchg1.comptia.org internet address = 192.168.102.67

Which of the following should the penetration tester conclude about the command output?

Options

  • A. The public/private views on the Comptia.org DNS servers are misconfigured.
  • B. Comptia.org is running an older mail server, which may be vulnerable to exploits.
  • C. The DNS SPF records have not been updated for Comptia.org.
  • D. 192.168.102.67 is a backup mail server that may be more vulnerable to attack.

Explanation

The command output shows a secondary mail exchanger for comptia.org resolves to a private IP address, despite being queried from the public internet. This indicates a DNS misconfiguration where internal network information is being leaked externally, providing valuable reconnaissance data to a penetration tester.

Common mistakes.

  • A. While the misconfiguration of public/private DNS views (split-horizon DNS) is the root cause, this option is a broader statement about the DNS setup, whereas the question asks for a conclusion about the specific server identified in the output.
  • B. The nslookup command output does not provide any information about the mail server's software version, age, or specific vulnerabilities, so this conclusion cannot be drawn.
  • C. The -querytype=MX flag specifically requests MX records; the output contains no information regarding SPF records, which are typically queried using querytype=TXT.

Concept tested. DNS information leakage (private IP exposure)

Reference. https://learn.microsoft.com/en-us/windows-server/networking/dns/deploy/split-horizon-dns
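
A defender-side check for the leak described in the explanation, as an added example that is not part of the original page: it parses nslookup MX output in the layout quoted in the question and reports mail exchangers that resolve to RFC 1918 or otherwise non-global addresses. The function names and the one-record-per-line sample layout are assumptions.

```python
import ipaddress
import re

# Constructed sample: the nslookup output quoted in the question, one record per line.
SAMPLE = """\
Server: Unknown
Address: 198.51.100.45
comptia.org MX preference=10, mail exchanger = 92.68.102.33
comptia.org MX preference=20, mail exchanger = exchg1.comptia.org
exchg1.comptia.org internet address = 192.168.102.67
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MX_RE = re.compile(r"^(\S+)\s+MX preference\s*=\s*(\d+),\s*mail exchanger\s*=\s*(\S+)$")
A_RE = re.compile(r"^(\S+)\s+internet address\s*=\s*(\S+)$")


def classify(text):
    """Return why an address is unsuitable for a public record, or None if it is fine."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:  # a hostname with no address in the output, not an IP
        return None
    if any(ip in net for net in RFC1918):
        return "RFC 1918 private"
    return None if ip.is_global else "non-global"


def audit_mx(output):
    """Return one finding per MX target that resolves to a non-public address."""
    mx, addrs = [], {}
    for line in map(str.strip, output.splitlines()):
        if m := MX_RE.match(line):
            mx.append((int(m.group(2)), m.group(3).rstrip(".").lower()))
        elif m := A_RE.match(line):
            addrs.setdefault(m.group(1).rstrip(".").lower(), []).append(m.group(2))
    findings = []
    for pref, target in sorted(mx):
        # Use the A records printed for the target; fall back to the target itself
        # because the sample's first MX line carries a literal IP.
        for addr in addrs.get(target) or [target]:
            reason = classify(addr)
            if reason:
                findings.append({"preference": pref, "target": target,
                                 "address": addr, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit_mx(SAMPLE):
        print(f)
```

Run against the output of an MX query made from outside the network, any finding means the public DNS view is publishing an internal address and the split-horizon configuration needs review.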
