CertNexus Certified Cyber Secure Coder (CSC) — Question 10
During a malware-driven distributed denial of service attack, a security researcher found excessive requests to a name server referring to the same domain name and host name encoded in hexadecimal. The malware author used which type of command and control?
Answer options
- A. Internet Relay Chat (IRC)
- B. Dnscat2
- C. Custom channel
- D. File Transfer Protocol (FTP)
Correct answer: B
Explanation
The correct answer is B, Dnscat2: it is designed specifically for command and control over DNS tunneling, which matches the observed behavior of excessive requests to a name server for the same domain name, with host names encoded in hexadecimal. The other options, such as IRC and FTP, do not inherently support the same type of encoded communication and are not commonly associated with this specific attack pattern.