1_4_9 Section 1 – Attacks, Threats, and Vulnerabilities - 1.4 – Network Attacks - DNS Attacks

Questions and Answers

What is one way attackers can manipulate a DNS server?

• By updating antivirus software
• By configuring a VPN
• By poisoning the DNS server (correct)
• By using a firewall

How can attackers modify DNS information on a legitimate DNS server?

• By using a VPN connection
• By updating the DNS resolver software
• By launching a DDoS attack
• By modifying the host file on individual devices (correct)

What does the host file on a machine do in relation to DNS queries?

• It blocks all DNS queries
• It accelerates DNS queries
• It randomizes DNS queries
• It takes precedence over DNS queries (correct)

How can an attacker redirect traffic to their website using DNS poisoning?

By manipulating the IP address in DNS queries (D)

In DNS poisoning, what role does the attacker play in altering a query?

Sitting in the middle and modifying the query (D)

What can an attacker achieve by changing the IP address of a domain in DNS?

Redirecting users to a malicious website (C)

What can an attacker do if they purchase a domain name similar to a legitimate one?

Try different phrasings of the domain name. (D)

How can a company's email reputation be negatively affected?

Having users mark their emails as spam. (B)

What might happen if malware is present on a company's web server?

Search engines will warn users about malware on the site. (B)

How can a company prevent damage to its email reputation?

Monitoring the reputation of its email IP address. (B)

Why would an attacker want to trick users into visiting a fake website?

To gain access to sensitive information. (A)

What happens to a website's reputation if it is found to contain malware?

The site is flagged as unsafe by search engines. (C)

What can an attacker achieve by modifying the DNS configuration files on a DNS server?

Redirecting users to incorrect IP addresses (A)

How did attackers maintain control of the domain information for a Brazilian bank during the domain hijack?

By redirecting users to the hacker's website (D)

What type of attack involves creating a domain name similar to a legitimate one to redirect users to different pages?

URL hijack (C)

How can an attacker convert mistyped domain names into an advantage?

By creating phishing websites (C)

During a domain hijack, what was the primary outcome for users who accessed the DNS server associated with the Brazilian bank?

They were redirected to the hacker's website (D)

How does an attacker use a mistyped domain name as an opportunity for profit?

By selling the mistyped domain name to the legitimate owner (B)

What is a possible consequence of an attacker gaining access to a registrar's account in charge of domain configurations?

Redirecting users to incorrect IP addresses (A)

Which method would an attacker likely use to redirect traffic from one company's site to its competitor?

Registrar phishing attacks (D)

What is one method that attackers can use to perform DNS poisoning?

Modifying the host file on individual devices (D)

How can an attacker redirect traffic to their website through DNS poisoning?

Sitting in the middle of a conversation with an on-path attack (A)

In DNS poisoning, what role does the host file on a machine play?

Overriding DNS configurations stored on the DNS server (A)

Which attack method involves an attacker modifying a query being sent to a client?

Man-in-the-middle attack (D)

What is the purpose of an attacker changing the IP address in a DNS query?

To redirect traffic to the attacker's website (B)

How does sitting in the middle of a conversation help an attacker with DNS poisoning?

It enables them to modify DNS queries in transit (A)

What could be a consequence if a company's email reputation is tarnished?

The ability to send emails to users may be limited or restricted. (C)

How can malware on a company's web server impact its reputation?

Search engines will warn visitors that the site contains malware. (B)

What action can companies take to monitor their email IP address reputation?

Constantly check and monitor their email IP address reputation. (B)

Why is it crucial for companies to be aware of the reputation of their email and web servers?

To avoid limitations on sending emails and warnings about malware. (C)

What could happen if a user unknowingly visits a website with malware present on its server?

The user's browser will display a warning message about malware. (A)

Why is it challenging for a company to recover from having malware on its web server?

Removing the malware does not immediately restore the website's reputation. (D)

What is the primary method an attacker might use to modify DNS information on a legitimate DNS server?

Gaining access to the domain registrar's account (C)

How could an attacker potentially redirect users to a competitor's site using domain names?

By creating domain names that are similar to the competitor's domain (D)

In what way can an attacker use a mistyped domain name for their advantage?

Installing malicious software by intercepting mistyped URLs (C)

What technique did the attackers use during the Brazilian bank domain hijack to maintain control of the DNS information?

Modifying the registrar's account details (D)

How did attackers redirect users to ad-filled pages instead of legitimate websites through URL hijacking?

Creating URLs with common typos or misspellings (A)

What potential threat arises if an attacker gains access to the email associated with a domain registrar's account?

Changing MX records to divert emails (B)

How might an attacker impact a legitimate company's website reputation by redirecting traffic to its competitor?

Misleading users and hurting brand credibility (A)

Why would an attacker create domain names similar to legitimate ones?

To confuse users and redirect them to malicious sites (C)