Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 129

How is DNS tunneling used to exfiltrate data out of a corporate network?

Answer options

• A. It leverages the DNS server by permitting recursive lookups to spread the attack to other DNS servers
• B. It encodes the payload with random characters that are broken into short strings and the DNS server rebuilds the exfiltrated data
• C. It redirects DNS requests to a malicious server used to steal user credentials, which allows further damage and theft on the network
• D. It corrupts DNS servers by replacing the actual IP address with a rogue address to collect information or start other attacks

Correct answer: B

Explanation

Option B is correct because DNS tunneling works by encoding data into DNS queries, allowing the receiving server to reconstruct the original data from these requests. Options A, C, and D describe different types of attacks or manipulation that do not specifically relate to how DNS tunneling is used for data exfiltration.