
CFR-310 Exam - Question 27


During a malware-driven distributed denial of service attack, a security researcher found excessive requests to a name server referring to the same domain name and host name encoded in hexadecimal. The malware author used which type of command and control?

Correct Answer: B

The scenario describes a situation where a name server receives excessive requests referring to the same domain name and host name encoded in hexadecimal. Dnscat2 is a tool that uses DNS for command and control by tunneling data through DNS queries. This method is covert and leverages the DNS protocol, which fits the given description accurately. Internet Relay Chat (IRC) and File Transfer Protocol (FTP) are not typically associated with hex-encoded DNS requests. A custom channel is too generic and does not specifically describe the observed behavior.
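As an added example (not part of the original page), the pattern in the scenario, many queries for hex-encoded host names under a single domain, can be looked for in resolver query logs. The thresholds, the last-two-labels parent rule and the `tunnel.example` sample names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Hex-only label, even length, 16+ characters (the floor is an assumed tuning value).
HEX_LABEL = re.compile(r"^(?:[0-9a-f]{2}){8,}$")

def split_name(qname):
    """Split a query name into (host labels, parent domain).
    Assumption: the parent is the last two labels; production code would
    consult the Public Suffix List instead."""
    labels = qname.lower().rstrip(".").split(".")
    return labels[:-2], ".".join(labels[-2:])

def hex_fraction(host_labels):
    """Share of host-part characters that sit in hex-only labels."""
    total = sum(len(label) for label in host_labels)
    if total == 0:
        return 0.0
    hexed = sum(len(label) for label in host_labels if HEX_LABEL.match(label))
    return hexed / total

def suspect_domains(qnames, min_names=5, min_fraction=0.8):
    """Map parent domain -> number of distinct hex-encoded host names queried,
    keeping only domains that reach min_names."""
    seen = defaultdict(set)
    for qname in qnames:
        host, parent = split_name(qname)
        if hex_fraction(host) >= min_fraction:
            seen[parent].add(".".join(host))
    return {dom: len(hosts) for dom, hosts in seen.items() if len(hosts) >= min_names}

# Constructed sample log (not real traffic): six hex-encoded host names under one
# domain, mixed with ordinary lookups and a short hex-looking label.
SAMPLE = [f"{('chunk%02d-constructed' % i).encode().hex()}.tunnel.example" for i in range(6)]
SAMPLE += ["www.example.com", "mail.example.org", "deadbeef.example.com",
           "cdn-3f2a.example.net", "example.com"]

if __name__ == "__main__":
    for domain, count in suspect_domains(SAMPLE).items():
        print(f"{domain}: {count} distinct hex-encoded host names")
```

Hits are triage leads rather than verdicts, since the check only measures label shape and volume per domain.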

Discussion

2 comments
r04dB10ck (Option: B)
Mar 19, 2023

netcat via DNS protocol

Wutan (Option: B)
Sep 5, 2023

The answer is B. Dnscat2. Dnscat2 is a DNS tunneling protocol that can be used to establish a covert communication channel between a malware-infected device and a command and control server. Dnscat2 uses DNS queries to transmit data, which makes it difficult to detect and block.