Exam 350-701 topic 1 question 21 discussion

Correct Answer A The attacker registers a domain, such as badsite.com. The domain’s name server points to the attacker’s server, where a tunneling malware program is installed. The attacker infects a computer, which often sits behind a company’s firewall, with malware. Because DNS requests are always allowed to move in and out of the firewall, the infected computer is allowed to send a query to the DNS resolver. The DNS resolver is a server that relays requests for IP addresses to root and top-level domain servers. The DNS resolver routes the query to the attacker’s command-and-control server, where the tunneling program is installed. A connection is now established between the victim and the attacker through the DNS resolver. This tunnel can be used to exfiltrate data or for other malicious purposes. Because there is no direct connection between the attacker and victim, it is more difficult to trace the attacker’s computer.

None of the answers address the actual question.

Answer is A

I would also go with answer A.

A for sure

The attacker registers a domain, such as badsite.com. The domain’s name server points to the attacker’s server, where a tunneling malware program is installed. The attacker infects a computer, which often sits behind a company’s firewall, with malware. Because DNS requests are always allowed to move in and out of the firewall, the infected computer is allowed to send a query to the DNS resolver. The DNS resolver is a server that relays requests for IP addresses to root and top-level domain servers.

I think B is the correct

DNS tunneling is a technique used by attackers to exfiltrate data by encoding the data into DNS queries or responses. The attacker creates a covert communication channel between the victim's computer and a server controlled by the attacker. This technique uses the DNS protocol to bypass firewalls and other network security measures. The correct answer is A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection. The attacker creates a DNS tunnel by encoding the data in the DNS queries or responses that are sent to the server controlled by the attacker. The server then extracts the data from the queries or responses and sends it to the attacker.

Dont think any of the answers are correct, DNS exfil wont deliver malware. Malware will use DNS tunneling to exfil data.

Does anyone else think this questions answers have been mixed up with Question 16?