CompTIA PenTest+ (PT0-002) — Question 228

A penetration tester runs the following command:

dig @ dns01.comptia.local axfr comptia.local

If successful, which of the following types of information would be provided?

Answer options

• A. The DNSSEC certificate and CA
• B. The DHCP scopes and ranges used on the network
• C. The hostnames and IP addresses of internal systems
• D. The OS and version of the DNS server

Correct answer: C

Explanation

If the command is successful, it performs a zone transfer, which provides a list of all hostnames and their corresponding IP addresses within the specified domain, making option C the correct answer. Options A, B, and D do not relate to the information retrieved via a DNS zone transfer, as they pertain to different aspects of network management and security.