In which DNS poisoning scenario is a Trojan on a host used to change that host's DNS resolver settings to point to the attacker's server?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

In which DNS poisoning scenario is a Trojan on a host used to change that host's DNS resolver settings to point to the attacker's server?

Explanation:
The key idea here is that DNS poisoning can happen by compromising a victim’s own machine to alter how it resolves names. When a Trojan on a host changes that machine’s DNS resolver settings to point to an attacker-controlled DNS server, every domain lookup from that host goes to the attacker's server. That rogue resolver then decides which IP address to return, often steering the user to malicious sites or intercepting traffic. This is a form of poisoning that operates at the client level, effectively poisoning the DNS path that the user’s machine relies on when communicating over the Internet.

This best fits the broader notion of Internet DNS poisoning because it describes corrupting how a specific host resolves names by directing its queries to an attacker’s server, rather than tampering with a recursive resolver’s cache (DNS cache poisoning) or merely forging responses (DNS spoofing). It’s also not about a proxy server’s DNS being poisoned, since the changes originate on the host itself.
