ExamTopics Logo
Mail Us[email protected]
Menu
Certnexus Discussions
exam questions

Exam CFR-310 All Questions

View all questions & answers for the CFR-310 exam
Go to Exam

Exam CFR-310 topic 1 question 27 discussion

Actual exam question from CertNexus's CFR-310
Question #: 27
Topic #: 1
[All CFR-310 Questions]

During a malware-driven distributed denial of service attack, a security researcher found excessive requests to a name server referring to the same domain name and host name encoded in hexadecimal. The malware author used which type of command and control?

  • A. Internet Relay Chat (IRC)
  • B. Dnscat2
  • C. Custom channel
  • D. File Transfer Protocol (FTP)
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by r04dB10ck at March 19, 2023, 7:35 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
044f354
8 months, 3 weeks ago
Selected Answer: B
B. Dnscat2 Explanation: Dnscat2 is a tool used for creating DNS-based command and control (C2) channels. In this case, the malware is making excessive requests to a DNS server, with domain and host names encoded in hexadecimal. This indicates the use of DNS tunneling for communication between the malware and the command server, which is a key characteristic of Dnscat2. Why the other answers are incorrect: A. Internet Relay Chat (IRC): IRC is an older form of command and control communication often used in botnets, but it doesn't involve DNS requests or encoding hostnames in hexadecimal. C. Custom channel: A custom C2 channel refers to a bespoke communication method, but the question specifies DNS-related traffic, which points specifically to DNS tunneling tools like Dnscat2. D. File Transfer Protocol (FTP): FTP is used for file transfers and is not commonly used for C2 communication, especially in the context of DNS traffic.
upvoted 1 times
...
Wutan
1 year, 9 months ago
Selected Answer: B
The answer is B. Dnscat2. Dnscat2 is a DNS tunneling protocol that can be used to establish a covert communication channel between a malware-infected device and a command and control server. Dnscat2 uses DNS queries to transmit data, which makes it difficult to detect and block.
upvoted 1 times
...
r04dB10ck
2 years, 3 months ago
Selected Answer: B
netcat via DNS protocol
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel