Certified Threat Intelligence Analyst (CTIA) — Question 2

Enrage Tech Company hired Enrique, a security analyst, for performing threat intelligence analysis. While performing data collection process, he used a counterintelligence mechanism where a recursive DNS server is employed to perform interserver DNS communication and when a request is generated from any name server to the recursive DNS server, the recursive DNS servers log the responses that are received. Then it replicates the logged data and stores the data in the central database. Using these logs, he analyzed the malicious attempts that took place over DNS infrastructure.
Which of the following cyber counterintelligence (CCI) gathering technique has Enrique used for data collection?

Answer options

• A. Data collection through passive DNS monitoring
• B. Data collection through DNS interrogation
• C. Data collection through DNS zone transfer
• D. Data collection through dynamic DNS (DDNS)

Correct answer: A

Explanation

The correct answer is A, as passive DNS monitoring involves collecting and analyzing historical DNS query data, which aligns with Enrique's use of a recursive DNS server to log responses. Options B, C, and D do not apply because they refer to more active or different methods of DNS data collection that do not match the described mechanism of logging and replicating data.