An employee opens a web browser and types a URL into the address bar. Instead of reaching the requested site, the browser opens a completely different site. Which of the following types of attacks have MOST likely occurred? (Choose two.)
I'll take the provided answers and... I'm done with this test material. It was exhausting to go through all of it.
Thank you everyone who contributed with answers and opinions, and good luck!~
Domain hijacking—an adversary gains control over the registration of a domain name, allowing the host records to be configured to IP addresses of the attacker's choosing.
Session hijacking, man in the browser is a type of a tack where the user is still in a legitimate website such as may looking his bank account so hackers is not directing the user in the compromised or malicious website. However, cores site scripting and DNS hijacking has the potential to direct the user into malicious website so the answer to me is
A and B
Domain hijacking is completely different animal it is taking away the owners legitimate domain name and sell it to others
Session hijacking is an attack where a user session is taken over by an attacker. A session starts when you log into a service, for example your banking application, and ends when you log out. ... The server is then fooled into treating the attacker's connection as the original user's valid session. Provided answers are correct
I have thoroughly enjoyed this man's sass through these questions lol. Every time I get a tossup question I go "I wonder what MichaelLangdon said about cmoptia this time"
A,B,C,D are optional bat if I prioritize them:
A. DNS hijacking - for example someone change the DNS record from google.com to eval IP
C. Domain hijacking - Someone buy the domain name "In 2015 Lenovo's website and Google's main search page for Vietnam were briefly hijacked"
D. MITB - Someone develop browser extension change HTTP request and response to eval site
B. XSS - "Stored XSS" could set JS will redirect every user will visit or destroy page content and render iframe with eval site...
E. Irrelevant :)
A & C for sure.
A - Aka DNS redirection... DNS queries are incorrectly resolved in order to redirect users to sites that may be malicious.
C - The domain name was stolen. It opens the correct site, but the contents were changed so it looks like a different site.
NOT...
D. MITB - is only capturing browser session data, like using a keylogger. Not redirecting traffic.
E - Session hijacker uses the victim's id/session/cookie for impersonation by inserting the id into the http header and send it to the website. hijacker can now have access to the victim's account. Not redirecting traffic.
Provided answers are correct
A session hijacking relies on the attacker’s knowledge of your session cookie, so it is also called cookie hijacking or cookie side-jacking. Although any computer session could be hijacked, session hijacking most commonly applies to browser sessions and web applications.
The question tells that the victim typed a URL and his browser opend a completly different site. In your opinion a "session hijacking" attack causes the VICTIM's browser to be redirected to another URL? Good luck for the exam.
No doubt that one of the two correct answers is A.
For the second one, I think that session hijacking is absolutely wrong; In a session hijacking attack, the attacker utilizes the user’s session ID to impersonate the user; the victim is not redirected to other sites.
In my opinion D is wrong as well; the purpose of a man-in-the-browser attack is to capture browser session data, including keystrokes, along with all data sent to and from the web browser (for example collect logon informations from forms pages).
DNS spoofing is an attack in which traffic is redirected from a legitimate website such as www.google.com, to a malicious website such as google.attacker.com. DNS spoofing can be achieved by DNS redirection. For example, attackers can compromise a DNS server, and in this way “spoof” legitimate websites and redirect users to malicious ones.
Answers B and C are both possible.
Domain hijacking (answer C), is described as a form of identity theft as consists in changing the registration of the domain without the permission of the legitimate owner; basically the attacker takes possession of the domain and they can use it or more often sell it to a third party (or resell to the former owner as a form of ransome). Of course if you take full control of the site you can change it and redirect to other sites, but usually that's NOT the real purpose of this kind of attack.
Technically answer B is a valid way to achieve a transparent redirection; a possible way to do an automatic redirection is executing a javascrip code; if you write a redirection code in javascript and you manage to inject that code into a web site page (that means XSS attack) you'll done the job. I've personally tried that on my webiste: the result is that users trying to connect to the site are instantly redirected to the site specified in the javascript code. Therfore I would choose answer B.
Session hijacking does not make any sense at all. I, as well, think that A and D is the right answer. Session hijacking is when you trick a host that is "talking" with the same user but in reality the session was hijacked.
There mist be a reason why the attacker wants you to go to the site. One reason could be session highjacking to install/use cookies on your browser for malicious purposes.
upvoted 2 times
...
...
This section is not available anymore. Please use the main Exam Page.SY0-501 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
steven1
Highly Voted 4 years, 10 months agoEVE12
3 years, 11 months agoDiogenes_td
Highly Voted 4 years, 10 months agoJJJJJJames123
4 years, 1 month agofonka
Most Recent 3 years, 11 months agoL1singh
4 years, 2 months agoCindan
4 years, 2 months agonakres64
4 years, 3 months agoMichaelLangdon
4 years, 6 months agoexiledwl
4 years, 5 months agoidoIL
4 years, 6 months agoIrv_NewJersey
4 years, 6 months agohlwo
4 years, 8 months agoEstiva
4 years, 9 months agoDuranio
4 years, 9 months agoigorg
4 years, 9 months agoDuranio
4 years, 10 months agofonka
3 years, 11 months agoDuranio
4 years, 10 months agosamittec
4 years, 10 months agockkid
4 years, 7 months agockkid
4 years, 7 months agoRiise
4 years, 10 months agoKudojikuto
4 years, 10 months agoDante_Dan
4 years, 11 months agoAerials
4 years, 10 months ago