During a network investigation, DNS packets traveling across the network belonged to a non-company configured IP. Which attack can be inferred?


Multiple Choice

During a network investigation, DNS packets traveling across the network belonged to a non-company configured IP. Which attack can be inferred?

Explanation:
DNS poisoning occurs when forged DNS data is injected into a resolver’s cache or into a DNS server, causing domain names to resolve to IP addresses controlled by an attacker. If you see DNS packets on the network that resolve to an IP address not owned by the company, it indicates that the DNS data being used to map names to addresses has been tampered with. That is the essence of DNS poisoning: the attacker effectively poisons the DNS data so legitimate domains point to malicious hosts. The other options don’t fit: cookie poisoning relates to cookies, not DNS data; session poisoning involves tampering with session state, not DNS records; DNS redirection can be a consequence of poisoning, but the explicit attack name for tampering with DNS answers is DNS poisoning. To investigate further, check DNS logs, compare responses with authoritative records, look for forged responses with mismatched IDs or TTL anomalies, and consider enabling DNSSEC to prevent such tampering.

