CompTIA Security+ (SY0-601) — Question 506
Which of the following best describes a use case for a DNS sinkhole?
Answer options
- A. Attackers can see a DNS sinkhole as a highly valuable resource to identify a company's domain structure.
- B. A DNS sinkhole can be used to draw employees away from known-good websites to malicious ones owned by the attacker.
- C. A DNS sinkhole can be used to capture traffic to known-malicious domains used by attackers.
- D. A DNS sinkhole can be set up to attract potential attackers away from a company's network resources.
Correct answer: C
Explanation
C is correct because a DNS sinkhole captures traffic destined for known-malicious domains and redirects it, allowing for monitoring and mitigation of threats. Option A is incorrect because it describes attackers gaining insight rather than the defensive application of a sinkhole. Option B misrepresents the function of a sinkhole, which does not direct users to malicious sites. Option D does not correctly reflect the primary purpose of a DNS sinkhole, which is capturing traffic rather than diverting attackers.