Exam SY0-501 topic 1 question 540 discussion

Actual exam question from CompTIA's SY0-501
Question #: 540
Topic #: 1

A security administrator suspects that a DDoS attack is affecting the DNS server. The administrator accesses a workstation with the hostname of workstation01 on the network and obtains the following output from the ipconfig command:

The administrator successfully pings the DNS server from the workstation. Which of the following commands should be issued from the workstation to verify the DDoS attack is no longer occurring?

  • A. dig www.google.com
  • B. dig 192.168.1.254
  • C. dig workstation01.com
  • D. dig 192.168.1.26

Suggested Answer: C

Comments

forward
Highly Voted 1 year, 1 month ago
I'm no expert; however, I believe the answer is (C). The question asks: Which of the following commands should be issued from the workstation to verify the DDoS attack is no longer occurring? DDoS prevents traffic from reaching its intended location, hence denial; if the traffic/message reaches its location, the DDoS attack is no longer occurring. Just my thoughts on this one.
upvoted 7 times
Teza
7 months, 2 weeks ago
So where is the location? Is workstation01.com a valid destination based on this question?
upvoted 2 times
Jenkins3mol
Highly Voted 1 year, 6 months ago
Why not A?
upvoted 7 times
Jenkins3mol
1 year, 6 months ago
And what is this domain of "workstation01.com"? This answer is just ridiculous... I have been searching a lot on the internet. Nobody ever digs on their own machine name. It's just WEIRD. Can anyone explain why the answer is workstation01.com?
upvoted 15 times
fernriva
1 year, 2 months ago
Since the SysAdmin can ping the DNS server... now the sysadmin executes the command line to perform a DNS lookup to see if the reply from the domain name server is valid. The nslookup can use an ip address or computer name. The computer name should be registered.
upvoted 1 times
riley5
1 year, 2 months ago
Sorry, so are you saying the answer is A or C?
upvoted 1 times
who__cares123456789___
3 months, 1 week ago
Am I the only one that notices the default gateway and DNS server have the same IP addy? And I see no mention of that in any comments... wtf?
upvoted 3 times
Funkydave
2 weeks, 1 day ago
Almost every single SOHO router is configured like this.
upvoted 1 times
Hans
1 year, 6 months ago
Agreed. Furthermore, what makes the answer sure that workstation01 is valid with the TLD .com?
upvoted 1 times
Mesrop
1 year, 2 months ago
In addition, can someone explain why the answer should be "A"?
upvoted 3 times
Hash___
3 months, 3 weeks ago
Dig is the equivalent of nslookup but on Linux. The analyst is doing a request to the DNS using dig. If it tells correctly the IP for www.google.com, it will mean the DNS server is working.
upvoted 1 times
MortG7
Most Recent 1 month, 2 weeks ago
LOL... not sure what monkey wrote this question, but when you issue an ipconfig command, you are implying Windows... then you present the "dig" command, which is primarily a Linux networking tool similar to nslookup (I know, I know, there are ways to install dig on Windows), but the question is idiotic.
upvoted 1 times
malvina
2 months ago
C correct: When the supplied server argument is a hostname, dig resolves that name before querying that name server. If no server argument is provided, dig consults /etc/resolv.conf; if an address is found there, it queries the name server at that address.
upvoted 1 times
CrystalClear
4 months ago
What if the company is in Canada and it's workstation01.ca :P or .org? How do they assume it's .com? The answer is A.
upvoted 1 times
Poker69
5 months ago
Answer B: you do the query against the internal DNS server; if a DDoS is in progress the DNS server will not respond, since the service is being flooded with large numbers of packets to targeted network infrastructures and infrastructure management tools.
upvoted 1 times
Not_My_Name
6 months, 1 week ago
Dammit... the answer really is 'C'. I just tried it on my office domain. Not sure WHY it works with a .com extension (default alias perhaps???) -- but it does work. So the answer makes sense. First test connectivity with ping, then test internal DNS resolution, then move outwards with external DNS resolution, etc. (Ya learn something new every day.)
upvoted 4 times
hlwo
6 months, 2 weeks ago
The answer is correct. I tried it on my Linux VM. It will give you the same output as if you write the command without the end part ".com". Try it yourself.
upvoted 2 times
DookyBoots
6 months, 2 weeks ago
Maybe dig google.com is not the answer because it would most likely already be in the DNS cache?
upvoted 1 times
Waffa
7 months, 2 weeks ago
Also, the question did not mention any internet connection.
upvoted 1 times
Teza
7 months, 1 week ago
Where exactly can the DDoS be coming from if not from the internet? A malicious insider? Please I need some clarification.
upvoted 1 times
Waffa
7 months, 2 weeks ago
Guys, please focus, C is correct. The DNS server solves an IP address into the matching domain name, so if u can PING the resolved domain name, which is Workstation01.com, it means the DNS server is working properly. Also, the hint is in the question where it gave you the output of ipconfig. Just think about it, the examiner tries to trick u.
upvoted 2 times
Teza
7 months, 1 week ago
Your explanation doesn't add up, please clarify.
upvoted 1 times
WDE2015
8 months, 2 weeks ago
With ipconfig he knows his host IP, so he can resolve his host domain name to the IP. Bad part is .com is just assumed. We can’t dig the IP because that answer is not available. To perform a reverse DNS lookup the command is dig -x 192.168.1.26. With that being said, the google IP address might not be cached and it’s outside your LAN, because if you notice, the DNS and Gateway are the same. The DDoS attack against a DNS server would be a DNS flood, where queries for entries that do not exist fill up the cache and lead to resource exhaustion, so that leaves just C as the most correct answer. Also, if the recursive DNS can’t find the IP address cached, it goes to the authoritative DNS server. The workstation01.com should be cached. First the recursive server would go to the root domain servers. Then, it goes to the authoritative server designated as .com. Hope this helps.
upvoted 3 times
Hot_156
10 months ago
The answer is correct. He pinged the DNS first and it works. Now, he sends a DNS query internally (C) and then he tests it with an external query... It makes sense.
upvoted 2 times
MagicianRecon
9 months, 3 weeks ago
Lol ... and how do we even remotely come to know that "workstation01.com" is a valid domain or is even an A record on the DNS server?
upvoted 1 times
Hot_156
9 months, 2 weeks ago
Do you work in a company? You can test this with the name of the computer. I tested it :) I did nslookup to my computer name with the .com at the end and I got a response, so that is why I assume that the provided answer is correct.
upvoted 4 times
Teza
7 months, 2 weeks ago
I just used both dig and nslookup and no valid response returned, but using www.google.com returned the IP address for google.
upvoted 1 times
Poker69
5 months ago
In order to use DIG you need a Linux box or download Windows DIG; lookups need to be done for google.com NOT WWW.GOOGLE.COM
upvoted 1 times
Hot_156
9 months, 2 weeks ago
Also, you are not testing a "domain"! You are testing a computer name resolution! LOL! Watch out in the exam...
upvoted 3 times
babati
8 months, 2 weeks ago
DNS = domain name system
upvoted 1 times
SimonR2
10 months, 1 week ago
Assuming C isn’t some sort of typo, the only one that makes any sense would be A. That’s because when the DDoS attack was carried out on the DNS server it was no longer able to respond or carry out any external recursive queries. By digging against google we're proving that our DNS server is able to make recursive queries against root, top-level domains and google to get a result. None of the others can prove this. Obviously we could have a host file entry or cached results, but A is the best of a group of bad answers.
upvoted 3 times
AlexChen011
1 month, 2 weeks ago
Great explanation
upvoted 1 times
xtf5x
11 months, 1 week ago
Who says it is external DNS? It might be internal DNS and cannot dig google!?
upvoted 1 times
GabrieleV
11 months, 1 week ago
BTW workstation01.com is anyway an external record (even worse, one that probably doesn't exist). I guess no one is so crazy to have .com as local domain.
upvoted 1 times
Tzu
1 year ago
I think that google.com might have been cached already and they might’ve needed to try a new address to eliminate that factor. Haha. This is crazy but it’s possible.
upvoted 1 times
BG3
1 year, 1 month ago
Agree. Answer should be "A". While I have a workstation with hostname Workstation01, nowhere does it state that "workstation01.com" is valid.
upvoted 1 times