CompTIA Security+ (SY0-601) — Question 105
An analyst receives multiple alerts for beaconing activity for a host on the network. After analyzing the activity, the analyst observes the following activity:
* A user enters comptia.org into a web browser.
* The website that appears is not the comptia.org site.
* The website is a malicious site from the attacker.
* Users in a different office are not having this issue.
Which of the following types of attacks was observed?
Answer options
- A. On-path attack
- B. DNS poisoning
- C. Locator (URL) redirection
- D. Domain hijacking
Correct answer: B
Explanation
The correct answer is B, DNS poisoning. The user entered the correct name, comptia.org, yet the browser loaded a malicious site controlled by the attacker, which indicates that the DNS resolution process has been compromised. Because users in a different office are not affected, the altered records are local to the DNS resolver or cache this host relies on, not a change to the domain itself. The other options, on-path attack (A), locator (URL) redirection (C), and domain hijacking (D), do not specifically explain a scenario in which DNS records have been altered to lead users to a different site.