Which DNS attack involves injecting forged DNS records into the resolver's cache to redirect queries?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which DNS attack involves injecting forged DNS records into the resolver's cache to redirect queries?

Explanation:
The main concept here is DNS cache poisoning. This attack happens when forged DNS records are inserted into a DNS resolver’s cache, so future lookups for a domain are answered with attacker-controlled information instead of the legitimate address.

In normal DNS operation, a resolver caches mappings for domains for a certain TTL so that repeated requests can be answered quickly without querying authoritative servers every time. An attacker can exploit timing by sending forged responses that look legitimate (matching the expected transaction details) and cause the resolver to store the malicious mapping. Once that poisoned data is cached, many users who query the domain will be redirected to the attacker’s IP until the TTL expires.

This description precisely matches injecting forged records into the resolver’s cache to redirect queries. Other terms like DNS spoofing can refer to broader attack methods that aren’t necessarily tied to the resolver’s cache, and “intranet” or “Internet” poisoning aren’t standard terms for this specific phenomenon.
