
Exam SY0-601 topic 1 question 35 discussion

Actual exam question from CompTIA's SY0-601
Question #: 35
Topic #: 1

An organization's help desk is flooded with phone calls from users stating they can no longer access certain websites. The help desk escalates the issue to the security team, as these websites were accessible the previous day. The security analysts run the following command: ipconfig /flushdns, but the issue persists. Finally, an analyst changes the DNS server for an impacted machine, and the issue goes away. Which of the following attacks MOST likely occurred on the original DNS server?

  • A. DNS cache poisoning
  • B. Domain hijacking
  • C. Distributed denial-of-service
  • D. DNS tunneling
Suggested Answer: A

Comments

Dauntress
Highly Voted 1 year, 7 months ago
The answer is B. With domain hijacking, the DNS will be unavailable, but DNS poisoning will redirect web browsers to malicious URLs. In this case, the DNS that has been hijacked was unavailable. They were not redirected to a malicious URL.
upvoted 28 times
AspiringScriptKiddie
1 year, 2 months ago
domain hijacking is hijacking an individual domain, often through the registrar's credentials. This definition is given unanimously on every site. Just search "domain hijacking" and read. If multiple domains were hijacked then maybe, but this says several. Also, it says the sites were inaccessible. If you hijacked a domain, why would you then do nothing with it?
upvoted 3 times
...
mdsabbir
1 year, 2 months ago
Hijacking redirects websites; they are not made completely inaccessible. It's DDoS, which partially made the service unavailable.
upvoted 3 times
AwsTrev
10 months ago
This is an internal DNS server. There is no DDoS (with emphasis on DISTRIBUTED) that will target this internal DNS server.
upvoted 1 times
...
...
Mehedi07
9 months, 2 weeks ago
The ipconfig /flushdns purges the DNS Resolver Cache. This flushes and resets the contents of the DNS client resolver cache. It can be used during DNS troubleshooting to discard negative cache entries. However, resetting the cache does not eliminate entries that are preloaded from the local Hosts file. When the analyst changed it manually it worked. A is the correct answer.
upvoted 6 times
Itrf
9 months ago
For me A is still the best answer because B is about the domain and not the server, so changing the server won't change the issue.
upvoted 3 times
...
...
panagiss
5 months, 2 weeks ago
No. Domain hijacking would not have affected multiple websites. And also it stated that they changed the DNS and the problem resolved, whereas if it was domain hijacking, it should be present even after the DNS change.
upvoted 6 times
...
...
AlexBoti
Highly Voted 1 year, 7 months ago
I believe the answer is A: DNS poisoning. Domain Hijacking will NOT affect multiple sites. Only the one being hijacked
upvoted 19 times
dendio
9 months, 1 week ago
"Which of the following attacks MOST likely occurred on the original DNS server?" Original DNS server - singular. Also running ipconfig/flushdns would've resolved the issue if it were DNS poisoning.
upvoted 1 times
...
cswarwick
1 year, 7 months ago
websites plural
upvoted 2 times
...
...
jred57
Most Recent 6 days, 9 hours ago
A. CompTIA doesn't provide enough info to confidently answer (I am jack's lack of surprise). So an assumption must be made. This is a local DNS server, not an authoritative one, so it also builds a cache, hence the suggested and probably correct answer is DNS cache poisoning. The ipconfig /flushdns command flushes the user's machine but that isn't where the "poison" is originating. It doesn't explicitly say they are redirected, just that the target website is unavailable...but being redirected from your target website makes it unavailable...F*#k you CompTIA.
upvoted 1 times
...
dnc1981
4 weeks ago
Selected Answer: A
The security analyst changed the DNS to a different server and the issue was resolved. Therefore the cache was poisoned on the original DNS server
upvoted 1 times
...
kewlboy
1 month ago
It is A because they were able to get into the website when they changed the DNS server. This is also why it cannot be domain hijacking: if they were to take control of a domain, then changing the DNS server would not have done anything, as the attackers would still have access to the domain. DNS cache poisoning, however, would be an attacker directly attacking a specific server, hence why they were able to get the website fixed when they changed the DNS server.
upvoted 1 times
...
Kokomoko
1 month, 2 weeks ago
Selected Answer: C
It should not be A, DNS Cache poisoning, because the problem persisted even after DNS flushing which prevents DNS cache poisoning. I also don't believe that it is B, Domain hijacking because the websites are down, not redirecting users to malicious websites. Plus, you should not be doing mental gymnastics or assuming a more rare case of hijacking where the DNS that has been hijacked was unavailable. I think it has to be C, where the server is down and therefore multiple websites are unavailable.
upvoted 1 times
...
hmAZtime
4 months, 2 weeks ago
I think it's C, DDOS. If flushdns doesn't resolve the issue, then it's not DNS cache poisoning. The only possible answer is DDOS. The targeted, disrupted server is overwhelmed by the flooding of Internet traffic.
upvoted 1 times
...
chanke
4 months, 2 weeks ago
At first the question was leading to a DDOS attack, but reading more into the question, they talked about the changes they made to remedy the issue with the DNS; that is when I got the question, and it led me to a DNS problem! Great question.
upvoted 1 times
...
MF55
4 months, 3 weeks ago
A DDOS attack will not necessarily bring the whole DNS server down. DNS can still resolve "some" queries while under attack if the attack is not powerful enough. The obvious impact of DNS poisoning is to redirect users to malicious websites. And that's not being specified in the question. I'll go with DDOS.
upvoted 1 times
...
CapnFlint
5 months ago
It's DDoS against the DNS server. Domain hijacking would likely only affect one site and it would be replaced with a malicious site, not just taken down. DNS poisoning would also be directing users to a malicious site. DNS cache was flushed and the issue persisted, which means it was a poisoned local cache or just bad entries in the local cache. Since changing the DNS server worked, it suggests the problem was not the local computers but rather the original DNS server, which wasn't working because it was being DDoS'ed.
upvoted 2 times
...
rojkiki
5 months, 1 week ago
Selected Answer: A
A https://www.cloudflare.com/learning/dns/dns-cache-poisoning/
upvoted 1 times
...
jiminycriminal
5 months, 2 weeks ago
"Security analysts run the follow command: ipconfig /dnsflush" on what device? It doesn't say a client device. A security analyst would know to do this on the DNS server. Also, users cannot access the websites. They are denied access. Cache poisoning is usually used to resolve to another (malicious) website. This sounds like a DDoS attack on the original DNS server.
upvoted 3 times
jiminycriminal
5 months, 1 week ago
Reread the question a few times. FLOODED with calls that they CAN'T ACCESS certain websites. DNS poisoning is a redirection, almost always, for attacks like pharming. The best answer is DDOS attack on original DNS server.
upvoted 4 times
...
...
Timock
6 months ago
Selected Answer: A
It is DNS poisoning - Clearing the cache locally on the machine had no effect as it re-pulled the info from the DNS server that has been poisoned. Changing the DNS and pulling from another DNS location cleared the issue - Meaning ... the issue is on the DNS Server and not the local machine.
upvoted 6 times
...
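Added example, not part of the thread or written by any commenter: a small Python model of the two cache layers the comment above describes, showing why emptying the client cache leaves a bad record on the DNS server in place while switching servers (or clearing the server's own cache) does not. The class names, hostnames and addresses are hypothetical and constructed for illustration.

```python
# Added illustration: two-layer DNS cache model. Names and addresses are constructed.
AUTHORITATIVE = {"intranet.example": "192.0.2.10", "news.example": "192.0.2.20"}

class RecursiveResolver:
    """Caching DNS server shared by every client that points at it."""
    def __init__(self):
        self.cache = {}  # qname -> (address, expiry time in seconds)

    def resolve(self, qname, now):
        hit = self.cache.get(qname)
        if hit and hit[1] > now:      # unexpired entry is served as-is
            return hit[0]
        addr = AUTHORITATIVE[qname]   # cache miss: fetch the real record
        self.cache[qname] = (addr, now + 300)
        return addr

    def clear_cache(self):            # server-side flush, run on the DNS server
        self.cache.clear()

class Client:
    """Workstation with its own stub cache (what ipconfig /flushdns empties)."""
    def __init__(self, server):
        self.server = server
        self.cache = {}               # simplified: no TTL on the client side

    def lookup(self, qname, now):
        if qname not in self.cache:
            self.cache[qname] = self.server.resolve(qname, now)
        return self.cache[qname]

    def flushdns(self):               # client-side only
        self.cache.clear()

def scenario():
    original, alternate = RecursiveResolver(), RecursiveResolver()
    # Constructed bad record for ONE name in the original server's cache.
    original.cache["intranet.example"] = ("203.0.113.66", 86400)
    pc = Client(original)
    out = {"before": pc.lookup("intranet.example", now=0)}
    pc.flushdns()
    out["after_client_flush"] = pc.lookup("intranet.example", now=10)
    out["unaffected_site"] = pc.lookup("news.example", now=10)
    pc.server = alternate             # analyst points the machine at another server
    pc.flushdns()
    out["after_server_change"] = pc.lookup("intranet.example", now=20)
    original.clear_cache()
    out["original_after_server_flush"] = original.resolve("intranet.example", now=30)
    return out
```

In the model only the name with the bad cached record is affected, which matches the "certain websites" wording of the question; the last step shows that the record survives on the original server until its cache is cleared or the entry expires.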
hac_cah
6 months, 3 weeks ago
Selected Answer: A
"... users stating they can no longer access certain websites." Usually domain hijacking regards only a domain. They don't say that the websites are from different domains. Flush DNS is only client side flush. Won't help if the DNS server cache is poisoned. DDoS could fit ONLY IF ALL websites would be unreachable (the question states "CERTAIN"). The only one that fits is DNS poisoning.
upvoted 1 times
Doflamingo
4 months, 2 weeks ago
If DNS server was down by a DDoS attack, the clients still can access some sites that are being resolved by their cache or host file.
upvoted 1 times
...
...
TheAlien
8 months, 2 weeks ago
Selected Answer: A
After going through the discussion and reading the question multiple times, I'd go with A. And here is why:
A. DNS cache poisoning: The question is "which most likely occurred ON THE ORIGINAL DNS server?", so NOT on the client. Running ipconfig /flushdns will clear the client's DNS cache, but if the server's cache is poisoned, this will have no effect.
B. Domain hijacking: Question states users can no longer access certain websites (plural); domain hijacking would only affect one domain.
C. Distributed denial-of-service: Could be possible, but if the server was taken down by a DDOS attack, it would either resolve no websites at all or only some. Question states that certain websites are affected, so I think it's not a DDOS attack.
D. DNS tunneling: Garbage answer. I'm not even talking about that one.
upvoted 13 times
[Removed]
7 months, 3 weeks ago
I was confused with multiple responses but your explanation cleared me. Thanks
upvoted 1 times
...
...
Dannette2
9 months ago
Answer is C, a distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
upvoted 3 times
...
Dannette2
9 months ago
Answer is C, a distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other