CompTIA Security+ (SY0-601) — Question 786

A company's public-facing website, https://www.organization.com, has an IP address of 166.18.75.6. However, over the past hour the SOC has received reports of the site's homepage displaying incorrect information. A quick nslookup search shows https://www.organization.com is pointing to 151.191.122.115. Which of the following is occurring?

Answer options

• A. DoS attack
• B. ARP poisoning
• C. DNS spoofing
• D. NXDOMAIN attack

Correct answer: C

Explanation

The correct answer is C, DNS spoofing, because the website is resolving to an unexpected IP address, indicating that DNS records may have been altered. Options A and D refer to different types of attacks that do not involve DNS resolution changes, while B, ARP poisoning, relates to local network attacks rather than DNS issues.