If DNS queries in captured traffic point to non-company IPs, which attack is most likely?


Multiple Choice

If DNS queries in captured traffic point to non-company IPs, which attack is most likely?

Explanation:
DNS poisoning, or DNS spoofing, happens when a DNS resolver is fed forged or manipulated responses, causing domain queries to resolve to IP addresses controlled by an attacker. If you capture traffic and notice that DNS queries for company domains are resolving to non-company IPs, that directly points to tampering at the DNS layer. The effect is that users or systems are directed to a malicious host instead of the legitimate server, enabling credential harvesting, data theft, or further exploits. This is the best fit because the observable evidence is the incorrect IP mappings returned in DNS responses, not the interception of traffic after a connection has been established or the exploitation of a web application.

Phishing involves tricking users into visiting a fraudulent site through messages or fake pages, and SQL injection targets vulnerabilities in a web application's database queries; neither of these explains seeing wrong IPs in DNS resolution. While a man-in-the-middle scenario can involve altering traffic, the primary indicator here is the DNS-level redirection, which is characteristic of DNS poisoning. To mitigate, enforce DNSSEC validation, harden resolvers, monitor for TTL anomalies, and use reputable DNS filtering.
