Which term describes hiding data within DNS requests to evade security controls?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which term describes hiding data within DNS requests to evade security controls?

Explanation:
DNS tunneling is the technique of hiding data within DNS requests to evade security controls. It uses the DNS protocol itself as a covert channel, encoding data into the domain name portions of queries (and sometimes responses) sent to a domain controlled by an attacker. The DNS server at that domain collects the data, enabling data exfiltration or even command-and-control communication while blending in with normal DNS traffic. This works well for evading controls because DNS is typically allowed through firewalls and security gateways, so the traffic can slip past inspections that focus on other protocols. Signs of DNS tunneling include unusually long or highly encoded subdomain strings, very high entropy in query labels, a large number of requests to a single domain, or unusual DNS query patterns that don’t match typical business activity. Other terms refer to detection, indicators of compromise, or related but different concepts (like a web-based backdoor), whereas DNS tunneling specifically describes the hiding technique itself.

DNS tunneling is the technique of hiding data within DNS requests to evade security controls. It uses the DNS protocol itself as a covert channel, encoding data into the domain name portions of queries (and sometimes responses) sent to a domain controlled by an attacker. The DNS server at that domain collects the data, enabling data exfiltration or even command-and-control communication while blending in with normal DNS traffic. This works well for evading controls because DNS is typically allowed through firewalls and security gateways, so the traffic can slip past inspections that focus on other protocols. Signs of DNS tunneling include unusually long or highly encoded subdomain strings, very high entropy in query labels, a large number of requests to a single domain, or unusual DNS query patterns that don’t match typical business activity. Other terms refer to detection, indicators of compromise, or related but different concepts (like a web-based backdoor), whereas DNS tunneling specifically describes the hiding technique itself.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy