Exam SY0-601 topic 1 question 724 discussion

Actual exam question from CompTIA's SY0-601
Question #: 724
Topic #: 1

A security team has been alerted to a flood of incoming emails that have various subject lines and are addressed to multiple email inboxes. Each email contains a URL shortener link that is redirecting to a dead domain. Which of the following is the best step for the security team to take?

  • A. Create a blocklist for all subject lines.
  • B. Send the dead domain to a DNS sinkhole.
  • C. Quarantine all emails received and notify all employees.
  • D. Block the URL shortener domain in the web proxy.
Suggested Answer: B

Comments

Paula77
Highly Voted 1 year, 3 months ago
Selected Answer: D
This action stops any further redirection to the malicious or non-existent site. It’s a targeted approach that directly addresses the issue without affecting other email traffic. B. Send the dead domain to a DNS sinkhole can be effective but it doesn’t prevent users from clicking the link initially. It’s more of a reactive measure.
upvoted 10 times
LayinCable
1 year ago
Thank you for saying this, I don't understand how people think sending the domain to a proxy server will stop the problem overall. People will still click the link, which will still head to the dead domain. If you block the specific URL, it WILL NOT block any other shortened URLs. That literally makes no sense. Again, thank you.
upvoted 1 times
Hellome123
1 year ago
Blocking the URL shortener domain in the web proxy (option D) could be an effective measure to prevent access to the malicious URLs. However, it's important to consider the possibility that the attackers could use different URL shortener services or domains in the future. Therefore, while blocking the specific URL shortener domain may provide temporary relief, it might not address the root cause of the issue comprehensively. On the other hand, sending the dead domain to a DNS sinkhole (option B) effectively prevents any traffic attempting to reach the malicious domain, regardless of the method used to access it. This approach is more proactive and robust, as it targets the destination domain itself rather than relying on blocking specific intermediaries. It provides a broader defense against potential future threats involving similar tactics.
upvoted 5 times
janeyyyyyy322
11 months ago
love how rude people can be when they're blatantly wrong
upvoted 2 times
qwes333
Highly Voted 1 year, 8 months ago
Selected Answer: B
Agree on B. A DNS sinkhole prevents any eventual misclick from the end users also.
upvoted 6 times
agfencer
Most Recent 1 year ago
Selected Answer: D
Sending one dead domain to a DNS sinkhole does not stop the attack. The attacker could easily shift to 100 other dead domains they hold, but they would need to devise an entirely new attack strategy if all URL shorteners are blocked by default. Also, this would not really impact business as usual since businesses don't often require URL shorteners internally; they can send the full link.
upvoted 3 times
ETQ
8 months, 1 week ago
Except, they're not saying to block ALL URL shorteners, but block that domain. By your logic, it wouldn't stop the attack either, since they could create other URLs. It's easier to create different URLs than it is to deal with different domains.
upvoted 1 times
CG22
1 year, 1 month ago
Selected Answer: D
Sinkholing is the most suitable, blocking the URL shortener can block legitimate addresses too
upvoted 1 times
Marleigh
1 year ago
then when did u select d... lol
upvoted 3 times
Malkhofash
1 year, 5 months ago
B. Send the dead domain to a DNS sinkhole.
upvoted 3 times
rickirikci11
1 year, 6 months ago
D absolutely: Block the URL shortener domain in the web proxy.
upvoted 1 times
DChilds
1 year, 8 months ago
Selected Answer: B
Send the dead domain to a DNS sinkhole is the most logical on the list.
upvoted 3 times
buckthesystem
1 year, 8 months ago
Selected Answer: B
DNS Sink as per qwes333
upvoted 3 times
Tikalosh
1 year, 8 months ago
Selected Answer: B
I considered D, however blocking the shortener domain would potentially block other legitimate shortened URLs. B results in mitigating the issue while not impacting other uses.
upvoted 4 times
Paula77
1 year, 3 months ago
When users attempt to access a shortened link, the proxy intercepts the request and checks whether the domain matches the blocked list. This measure does not imply blocking all shortener domains.
upvoted 3 times