An analyst receives multiple alerts for beaconing activity f - CompTIA Security+ SY0-701

Question

An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity, the analyst observes the following activity:

  • A user enters comptia.org into a web browser.
  • The website that appears is not the comptia.org site.
  • The website is a malicious site from the attacker.
  • Users in a different office are not having this issue.

Which of the following types of attacks was observed?

Explanation

Correct Answer: B. DNS poisoning

DNS poisoning (also known as DNS cache poisoning) occurs when an attacker manipulates the DNS resolution process, causing a user to be redirected to a malicious site even when they enter a legitimate domain name like comptia.org. In this scenario, the user types comptia.org into the browser, but is redirected to a malicious site instead of the intended website. The fact that users in a different office are not experiencing this issue suggests that the problem may be localized to certain DNS servers or network configurations, which is consistent with DNS poisoning.

Reasons the other options are incorrect:

  • On-path attack: An on-path attack (formerly known as a man-in-the-middle attack) occurs when an attacker intercepts communication between two parties. In this case, the user is directly accessing a malicious website without interception, so this type of attack is not the most likely explanation.
  • Locator (URL) redirection: URL redirection could be a part of the attack, but it is not as specific as DNS poisoning. URL redirection typically involves redirecting users to a different URL, but it doesn't necessarily involve malicious tampering with DNS resolution.
  • Domain hijacking: Domain hijacking occurs when an attacker takes control of an existing domain. In this case, the user is redirected to a malicious site, but there is no indication that the domain comptia.org has been hijacked. Rather, it suggests that the DNS resolution has been compromised to direct users to a different site.
