Clark is a professional hacker. He created and configured multiple domains pointing to the same host to switch quickly between the domains and avoid detection.
Identify the behavior of the adversary in the above scenario.
The behavior described in the scenario is best identified as unspecified proxy activities. This involves the adversary creating and configuring multiple domains pointing to the same host to switch quickly between the domains, which helps in avoiding detection. By using unspecified proxy activities, the adversary can evade security measures designed to detect and block suspicious domains or IP addresses.
A. Unspecified proxy activities. CEH book V12, Module 1, P26. Unspecified Proxy Activities: An adversary can create and configure multiple domains pointing to the same host, thus, allowing an adversary to switch quickly between the domains to avoid detection. Security professionals can find unspecified domains by checking the data feeds that are generated by those domains. Using this data feed, the security professionals can also find any malicious files downloaded and the unsolicited communication with the outside network based on the domains.
The answer is A; you can check answers on V11.
The correct option is A. Unspecified proxy activities
D. Use of DNS tunneling
D. Use of DNS tunneling Explanation: DNS tunneling is a technique used by adversaries to bypass security controls and exfiltrate data from a compromised network. It involves creating DNS queries and responses that encapsulate other types of traffic, such as command and control communications or stolen data.
A. Unspecified proxy activities. In my book it is module 1, page 18.
Unspecified Proxy Activities An adversary can create and configure multiple domains pointing to the same host, thus, allowing an adversary to switch quickly between the domains to avoid detection. Security professionals can find unspecified domains by checking the data feeds that are generated by those domains. Using this data feed, the security professionals can also find any malicious files downloaded and the unsolicited communication with the outside network based on the domains. CEH V12 pg 26
Unspecified proxy activities!
A. Unspecified proxy activities
A. Unspecified proxy activities
A. Unspecified proxy activities
So...it's B, 90% sure because there's a very similar question for the CTIA certification and it specifies that for Fast-Flux DNS the way you identify it is by making use of command-line interface. Very well structured question, but now I can see that there's a lot of domain-crossing between certifications.
So...I misunderstood the question; the way you identify it is indeed Use of CLI. However, if we have to mention what the attacker is doing, then it would be A.
A. Unspecified proxy activities