CompTIA Security+ (SY0-501) — Question 571
Which of the following scenarios would make a DNS sinkhole effective in thwarting an attack?
Answer options
- A. An attacker is sniffing traffic to port 53, and the server is managed using unencrypted usernames and passwords.
- B. An organization is experiencing excessive traffic on port 53 and suspects an attacker is trying to DoS the domain name server.
- C. Malware is trying to resolve an unregistered domain name to determine if it is running in an isolated sandbox.
- D. DNS routing tables have been compromised, and an attacker is rerouting traffic to malicious websites.
Correct answer: D
Explanation
The correct answer is D because a DNS sinkhole can redirect the traffic that the compromised DNS routing tables would send to malicious websites into a controlled environment instead, preventing users from reaching harmful sites. Options A, B, and C do not describe situations where a DNS sinkhole would effectively mitigate the attack; they concern traffic sniffing, DoS attacks, and malware behavior, respectively.