Which technique obfuscates malicious traffic by carrying it within common protocols in legitimate traffic?


Multiple Choice

Which technique obfuscates malicious traffic by carrying it within common protocols in legitimate traffic?

Explanation:
Hiding malicious traffic inside ordinary protocol communications creates a covert channel. DNS tunneling does exactly this by packing data into DNS queries and responses. Because DNS traffic is usually allowed through networks and often not scrutinized deeply, an attacker can exfiltrate data or maintain a command-and-control channel by encoding information in subdomain labels or DNS TXT records, making the traffic appear legitimate while carrying malicious payloads. Defenders look for signs like unusual or high-entropy subdomains, long or abnormal DNS query strings, and atypical DNS response patterns. Other options don’t describe this method: HTTP User Agent detection targets client identifiers rather than hiding traffic; data staging concerns preparing data for exfiltration; and command-and-control server detection is about finding the C2 host, not the technique of tunneling traffic through a common protocol.