A security analyst is investigating some users who are being redirected to a fake website that resembles www.comptia.org. The following output was found on the naming server of the organization: Which of the following attacks has taken place?
DNS server cache poisoning aims to corrupt the records held by the DNS server itself. This can be accomplished by performing DoS against the server that holds the authorized records for the domain, and then spoofing replies to requests from other name servers. Another attack involves getting the victim name server to respond to a recursive query from the attacking host. A recursive query compels the DNS server to query the authoritative server for the answer on behalf of the client.
Domain Hijacking is the act of changing the registration of a domain name without the permission of the original owner, or by abuse of privileges on domain hosting and domain registrar systems.
DNS poisoning is when false information is entered into a DNS Cache, so that DNS queries return an incorrect response that directs users to the wrong website.
The answer is D because the question says "redirected to a fake website" - and we are also looking at a DNS table in the picture which means the answer is D.
DNS Poisoning vs Domain Hijacking:
DNS = IP Address. It changes the IP Addresses.
Domain = DNS Records. It changes the name of the Domain. DNS Reg is getting pointed to another server.
Answer: D
DNS poisoning involves manipulating the Domain Name System (DNS) cache of a DNS server to redirect domain name resolutions to malicious IP addresses. In this scenario, users are being redirected to a fake website resembling www.comptia.org, indicating that the DNS records for the legitimate domain have been tampered with.
It is not hijacking as the system administer can still see the dns record which mean he still has access to it , if this got hijacked the wouldn't have access to it isn't it ?
And DNS poisonings redirect the user to the fake website . that why i think the correct answer is DNS poisonings .
It's up to you to do the research and figure out which one is the correct answer. If this site had all the right answers, it would probably be shut down. The way I see it, at least you're presented with all the possible questions on the test.
also, using the info of the DNS table: in this case, the DNS server has incorrect mappings, associating the legitimate www.comptia.org with the malicious IP address 192.168.1.10. When users attempt to access www.comptia.org, they are redirected to that fake website
It's hijacking as that is another DNS not your own (which would be DNS poisoning)
https://www.malwarebytes.com/cybersecurity/business/what-is-dns-hijacking
Answer is B.
After a domain hijacking incident, the attackers may have full control over the domain name settings, including the ability to change the domain name and IP address associated with it.
Change Domain Name: The attackers can modify the domain's DNS settings and point it to a different domain name.
In this scenario exactly happen domain hijacked maybe through phishing or by other means, then changed the dns name or IP addresses.
Considering first domain hijacked and then changes IP address. Where most comments suggesting DNS poisoning.
Indeed answer should be B followed by question given sequence clues.
As many things can happen once domain hijacked.
The given scenario describes a DNS poisoning attack. In this attack, the attacker has manipulated the DNS records on the naming server to associate the domain name "www.comptia.org" with a malicious IP address (192.168.1.10). As a result, when users try to access the legitimate website www.comptia.org, they are redirected to a fake website hosted at the malicious IP address.
SOUNDS GOOD, but what in this question instigates that 192.168.1.10 is a malicious IP address? I wanna believe your answer, but no where does it state that this is a malicious IP address.
The IP 192.168.1.10 doesn't follow the standard of the other IP's and it is also a private IP address. Regardless, if you ever see the IP "192.168.1.X", assume it doesn't belong.
Following throught the question, the domain is comptia.org, and we can assume www has a fake IP because it's for a different network from all the other records (I know it's silly and that in itself does not mean anything, but we work with what we have).
Option B: Several things can happen when a domain is hijacked. The hackers may take control of the website and use it for malicious purposes, such as spreading malware or conducting phishing attacks. They could also redirect traffic to other websites, resulting in lost sales or damage to your brand reputation
The D is correct because if DNS poisoning occurs most times the website is same and not a resemblance.
During a DNS poisoning attack, a hacker substitutes the address for a valid website for an imposter. Once completed, that hacker can steal valuable information, like passwords and account numbers. Or the hacker can simply refuse to load the spoofed site.
Someone browsing the web may never know that DNS spoofing is happening. The person may visit a site that looks perfectly normal, and even functions somewhat normally, so everything seems safe.
This section is not available anymore. Please use the main Exam Page.SY0-601 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
stoneface
Highly Voted 2 years, 8 months agoRileyG
Highly Voted 2 years agoRyanL26
Most Recent 1 year, 1 month agoalicia2024
1 year, 3 months agoRr_Jay
1 year, 4 months agoTolis21
1 year, 5 months agogeocis
1 year, 4 months agoTeleco0997
1 year, 6 months agoTeleco0997
1 year, 6 months agon00r1
1 year, 6 months agoBlackSpider
1 year, 8 months agovitasaia
1 year, 6 months agoDannaD
1 year, 9 months agoRevolutionaryAct
1 year, 9 months agodaddylonglegs
1 year, 7 months agoMpololo
1 year, 6 months agosujon_london
1 year, 9 months agoProtract8593
1 year, 10 months agoKraken84
1 year, 9 months agoKingbumi777
1 year, 8 months agoHCM1985
1 year, 8 months agoHaykinz
1 year, 10 months agoDutch012
2 years agoTheGuitarMan_61
2 years, 1 month agoAbdul2107
2 years, 1 month agoNeither_you_nor_me
2 years, 1 month ago