Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 593

How does DNS Tunneling exfiltrate data?

Answer options

• A. An attacker registers a domain that a client connects to based on DNS records and sends malware through that connection.
• B. An attacker opens a reverse DNS shell to get into the client's system and install malware on it.
• C. An attacker sends an email to the target with hidden DNS resolvers in it to redirect them to a malicious domain.
• D. An attacker uses a non-standard DNS port to gain access to the organization's DNS servers in order to poison the resolutions.

Correct answer: A

Explanation

The correct answer, A, describes how an attacker can exploit DNS records to establish a connection that facilitates malware transfer. Options B, C, and D do not accurately represent the mechanics of DNS Tunneling, as they involve different attack vectors that do not specifically pertain to the exfiltration of data through DNS queries.