Exam SY0-601
Question 252

An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity, the analyst observes the following activity:

* A user enters comptia.org into a web browser.

* The website that appears is not the comptia.org site.

* The website is a malicious site from the attacker.

* Users in a different office are not having this issue.

Which of the following types of attacks was observed?

A. On-path attack
B. DNS poisoning
C. Locator (URL) redirection
D. Domain hijacking

    Correct Answer: B

    The type of attack observed is DNS poisoning. DNS poisoning, also known as DNS cache poisoning or DNS spoofing, involves an attacker altering the DNS records to redirect traffic from a legitimate site to a malicious site. In this scenario, the user enters 'comptia.org' but is redirected to a malicious site instead. This indicates that the DNS records for the user's network have been compromised, likely through a poisoned DNS cache, resulting in incorrect IP address resolutions for 'comptia.org'. This would not necessarily affect users in other offices if different DNS servers are used or if only a specific cache was poisoned.

Discussion
mike47 (Option: B)

This is the reason why the answer is 100% B:

A. On-Path Attack - sits in the middle of two stations changing data that comes across the path. This is not the answer.

B. DNS Poisoning - the hacker reroutes traffic from a legitimate site to a fake version. This is what happened here. When the user went to CompTIA.org, he went to the fake version because the legitimate DNS address/records/info for that site was changed at his site specifically. This is the correct answer.

C. Locator (URL) redirection - the user clicks on a link and is redirected to a malicious website. A URL was not clicked on in this question. A domain was typed in: Comptia.org. And also, redirection was not described in this question. This is not the answer.

D. Domain Hijacking - the website address is completely stolen by another party. The question clearly states that "users from a different office are not having this problem". If the users were having the problem, then this would mean that the website was stolen. But because other users at other locations are not having the problem: this is not the answer.

B. DNS Poisoning is the only correct answer, 100%.

BD69

DNS Poisoning would affect ALL users in the office. C is the only correct answer here. "Domain Name System (DNS) poisoning happens when fake information is entered into the cache of a domain name server, resulting in DNS queries producing an incorrect reply, sending users to the wrong website. DNS poisoning also goes by the terms 'DNS spoofing' and 'DNS cache poisoning.'"

bb6a612

Question states it didn't affect a different "office".

MALEKMALAHI

The device's DNS cache is the first place it checks when a user performs a DNS lookup; DNS cache poisoning here.

Ha9ate (Option: B)

Only some clients have this problem of the web page turning into a malicious site. So choose B.

ApplebeesWaiter1122 (Option: B)

DNS (Domain Name System) poisoning, also known as DNS cache poisoning, is an attack in which an attacker maliciously alters the DNS cache of a domain name server. The objective is to redirect DNS queries for a legitimate domain to a malicious IP address, which could be controlled by the attacker. In this scenario, when the user enters "comptia.org" into the web browser, the DNS response is manipulated, and the user is directed to a malicious website hosted by the attacker instead of the legitimate comptia.org site. It's worth noting that users in a different office not having this issue indicates that the poisoning attack is likely targeting specific DNS servers or network segments.

Grumpy_Old_Coot (Option: B)

Local DNS Cache is poisoned.

BD69

This would affect all the users on the network. The DNS cache is on the DNS server, not the clients.

MortG7 (Option: C)

NOT DNS Poisoning. If that were the case, everyone would be impacted. DNS is not per user. I would go with Locator (URL) redirection.

BD69

Exactly. DNS poisoning is within the DNS cache (the hosts file is NOT a DNS cache).

LuckyAro (Option: C)

The DNS server is not on local hosts; it is usually installed on the network. Only this user is experiencing this malicious redirection, and it doesn't matter how the URL was inserted. It's a local URL redirection, not on the DNS server, or else it would affect everyone on the network.

Xabovion (Option: C)

"Users in a different office are not having this issue." Plain and simple. If the DNS cache is poisoned, everyone would have the issue.

andresalcedo

The user's DNS cache was poisoned, not CompTIA's.

khamva

DNS poisoning, also referred to as DNS spoofing, impacts the company DNS servers and will affect multiple computers in the office.

TheFivePips

Perhaps everyone in the office might be affected, but not those in other offices with different DNS servers.

scoobysnack209 (Option: C)

The issue is isolated to one user.

BD69 (Option: C)

I thought B at first; however, that would affect ALL users, which is not the case. "Users in a different office are not having this issue."

isha_a (Option: D)

I am wondering why Domain Hijacking is not even the answer for any of these questions... lol

Abidex (Option: C)

The answer would have been DNS Poisoning if all users were impacted. Since one user is impacted, the answer is C, as Locator (URL) redirection is a technique which allows an attacker to force a user's application or web browser to an untrusted external site.

Gigi42 (Option: C)

A host was affected. ONLY one affected, not the entire network, so DNS poisoning is out. This is an example of typosquatting, aka URL redirection.

ZiareKing (Option: B)

(B) DNS poisoning: sends a fake response to a valid DNS request.

TM78 (Option: B)

B. DNS Poisoning. I don't think it's URL Redirection, because this type of attack dupes a victim, usually via an email message, into clicking a URL that looks like the legit site but redirects them to a scam site. The question stated nothing about this.

Navigator (Option: B)

Although the C option might seem like it's the right option, it is very wrong in this context because URL Redirection is a vulnerability which allows an attacker to force users of your application to an untrusted external site. The attack is most often performed by delivering a link to the victim, who then clicks the link and is unknowingly redirected to the malicious website. Based on that explanation, the right answer is D.

What Is DNS Poisoning? DNS poisoning is a hacker technique that manipulates known vulnerabilities within the domain name system (DNS). When it's completed, a hacker can reroute traffic from one site to a fake version. And the contagion can spread due to the way the DNS works.

Action (Option: C)

It's not affecting other users, so it's C. Wouldn't DNS poisoning affect other users?

NerdAlert

Someone could change the HOSTS file on your PC, and whenever you try to reach sites they have added to the list, your computer will automatically go to where they redirected you manually via that entry. It won't affect anyone else.

BD69

It would. A malicious program could alter the HOSTS file on a single infected machine. In effect it would be a URL redirection. C is absolutely the best answer here. (HOSTS changes are not the same as DNS cache poisoning and would affect only the infected machines)
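The disagreement running through this thread (resolver-level poisoning, which hits every client of that resolver, versus a per-host override such as a modified hosts file) is exactly the scope question an analyst settles during triage. The following is an added example, not code from the page, the exam, or any commenter: it parses a constructed hosts file and compares constructed resolver answers (documentation IP ranges only) to label the scope of a redirect for one domain.

```python
import ipaddress

# Constructed sample data using documentation address ranges, not real hosts.
LEGIT_IP = "198.51.100.10"   # stand-in for the genuine comptia.org address
ROGUE_IP = "203.0.113.45"    # stand-in for the attacker-controlled site

SAMPLE_HOSTS = """
# constructed hosts file captured from the affected workstation
127.0.0.1     localhost
::1           localhost
203.0.113.45  comptia.org www.comptia.org   # attacker-added override
"""

def parse_hosts(text):
    """Map hostname -> IP from hosts-file text; comments are ignored, later lines win."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not a valid address; skip the line
        for name in fields[1:]:
            mapping[name.lower().rstrip(".")] = ip
    return mapping

def classify(domain, answers, hosts_text, reference="public"):
    """Return (scope, detail) for a suspected redirect of `domain`.

    answers:   {resolver_label: set of IPs that resolver returned for domain}
    reference: label of the resolver whose answer is trusted as ground truth
    The hosts file is checked first because the client consults it before DNS.
    """
    domain = domain.lower().rstrip(".")
    trusted = set(answers[reference])
    override = parse_hosts(hosts_text).get(domain)
    if override and override not in trusted:
        return ("single_host", f"hosts file maps {domain} to {override}")
    for label, ips in answers.items():
        rogue = set(ips) - trusted
        if label != reference and rogue:
            return ("all_clients_of_resolver", f"{label} returned {sorted(rogue)}")
    return ("consistent", "every resolver agrees with the reference answer")

if __name__ == "__main__":
    same = {"public": {LEGIT_IP}, "office-a": {LEGIT_IP}}
    poisoned = {"public": {LEGIT_IP}, "office-a": {ROGUE_IP}}
    print(classify("comptia.org", same, SAMPLE_HOSTS))              # single host
    print(classify("comptia.org", poisoned, "127.0.0.1 localhost"))  # whole office
```

A "single_host" result matches the commenters arguing for a client-side redirect, while "all_clients_of_resolver" matches the poisoned-resolver reading in which the whole office, but not other offices, is affected.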

Sandon (Option: B)

According to ChatGPT: B. DNS poisoning. DNS poisoning, also known as DNS spoofing or DNS cache poisoning, is a type of attack in which an attacker alters the mapping of a domain name to an IP address. In this case, the analyst observed that a user enters comptia.org into a web browser, but the website that appears is not the actual comptia.org site. Instead, it's a malicious site controlled by the attacker. This behavior indicates that the attacker has poisoned the DNS server, causing the server to return the wrong IP address for the domain name comptia.org. This attack is also known as DNS Cache Poisoning. An on-path attack is an attack that intercepts and alters network traffic in transit. Locator (URL) redirection is a technique used to redirect a web page request to a different web page. Domain hijacking is an attack in which an attacker gains unauthorized access to a domain name registrar account, allowing them to change the DNS records and take control of a domain name.