ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 200-201 All Questions

View all questions & answers for the 200-201 exam
Go to Exam

Exam 200-201 topic 1 question 322 discussion

Actual exam question from Cisco's 200-201
Question #: 322
Topic #: 1
[All 200-201 Questions]



Refer to the exhibit. What is occurring?

  • A. possible DNS amplification attack with requests that maximize data quantity
  • B. possible DNS tunneling with encrypted communication through CNAMEs
  • C. possible DNS cache poisoning with misdirects toward a fraudulent website
  • D. possible botnet traffic with random MX querying to generate increased traffic
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by aole at Dec. 20, 2023, 11:46 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
tkeitt
7 months, 1 week ago
Selected Answer: B
https://alparslanakyildiz.medium.com/detecting-dns-tunnelling-with-wireshark-71ce39cd8fe5
upvoted 3 times
...
JasonPhi
9 months ago
The correct answer is B. DNS tunneling. Source: https://www.researchgate.net/figure/DNS-tunnel-traffic-capture_fig4_323202936
upvoted 1 times
...
anon_learns_cisco
9 months ago
there is request and answer, looks more like encrypted kind of messages between compromised host and control-server
upvoted 1 times
...
RoBery
11 months ago
I think it is B
upvoted 2 times
...
listas
12 months ago
One request and one reply, it's a 1:1 relation, no amplification.
upvoted 3 times
...
aole
12 months ago
I think this should B
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel