Exam SY0-601
Question 688

Which of the following best describes a use case for a DNS sinkhole?

    Correct Answer: C

    A DNS sinkhole is primarily used to capture traffic to known-malicious domains used by attackers. It works by redirecting DNS queries for these malicious domains to a controlled server, where the traffic can be analyzed or simply blocked. This prevents users from accessing harmful content and can help in identifying and mitigating security threats posed by such domains.

Discussion
johnny3991t Option: C

This was on my exam. I picked C.

Geronemo Option: C

Here's why: A DNS sinkhole is a technique used to redirect DNS queries for malicious domains to a controlled server, typically a non-existent or "sinkhole" server, instead of the actual malicious server. This allows organizations to intercept and block traffic to known-malicious domains, preventing users from accessing malicious content or communicating with command-and-control servers operated by attackers.

russian Option: C

It's C, guys. B - DNS sinkhole doesn't redirect anything. D - a honeypot attracts, not DNS sinkhole.

MortG7 Option: C

A DNS sinkhole does NOT ATTRACT any traffic... it captures and redirects to null. C

Rowdy_47 Option: C

This was my initial understanding of a sinkhole:

A DNS sinkhole, also known as a sinkhole server, Internet sinkhole, or Blackhole DNS, is a Domain Name System (DNS) server that has been configured to hand out non-routable addresses for a certain set of domain names. Computers that use the sinkhole fail to access the real site. The higher up the DNS resolution chain the sinkhole is, the more requests will fail, because of the greater number of lower nameservers that in turn serve a greater number of clients. Some of the larger botnets have been made unusable by top-level domain sinkholes that span the entire Internet.

DNS Sinkholes are effective at detecting and blocking bots and other malicious traffic. DNS sinkholing is used to provide wrong DNS resolution and alternate the path of the users to different resources instead of the malicious or non-accessible content. A sinkhole is a way of redirecting malicious internet traffic so that it can be captured and analyzed by security analysts. Sinkholes are most often used to seize control of botnets by interrupting the DNS names of the botnet that is used by the malware.

https://resources.infosecinstitute.com/topics/general-security/dns-sinkhole/

Hibiww Option: D

Answer is D

Gwcan

D is a honeypot, not a DNS sinkhole.

memodrums

Both B and C are correct; it's just how you use it.

russian

youre retarded

Gwcan Option: C

C perfectly describes a DNS sinkhole.

jwoyer001 Option: C

C for this one

plopeup Option: B

It is B because a sinkhole redirects the users to a different site. Can be used by attackers and security. It is not C because C mentions capturing traffic, not redirection.

ad61da2 Option: D

D is the answer.