ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-601 All Questions

View all questions & answers for the SY0-601 exam
Go to Exam

Exam SY0-601 topic 1 question 652 discussion

Actual exam question from CompTIA's SY0-601
Question #: 652
Topic #: 1
[All SY0-601 Questions]

A user recently entered a username and password into a recruiting application website that had been forged to look like the legitimate site. Upon investigation, a security analyst identifies the following:

• The legitimate website's IP address is 10.1.1.20 and eRecruit.local resolves to this IP.
• The forged website's IP address appears to be 10.2.12.99, based on NetFlow records.
• All three of the organization's DNS servers show the website correctly resolves to the legitimate IP.
• DNS query logs show one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise.

Which of the following MOST likely occurred?

  • A. A reverse proxy was used to redirect network traffic.
  • B. An SSL strip MITM attack was performed.
  • C. An attacker temporarily poisoned a name server.
  • D. An ARP poisoning attack was successfully executed.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by sujon_london at Sept. 7, 2023, 6:43 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sujon_london
Highly Voted 1 year, 9 months ago
Selected Answer: C
Very weird question!!
upvoted 26 times
...
sujon_london
Highly Voted 1 year, 9 months ago
Selected Answer: C
an attacker temporarily poisoned a name server, occurred. The DNS query logs show that one of the three DNS servers returned a result of 10.2.12.99 (cached) at the approximate time of the suspected compromise, indicating that the attacker may have compromised a DNS server to replace the valid IP address for a trusted website with a forged one. This type of attack is known as a pharming attack, where the attacker compromises the process of DNS resolution to redirect network traffic to a forged website
upvoted 12 times
...
Nemish71
Most Recent 1 year, 1 month ago
I would skip this question and go for either b or c randomly at the end.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel