Certified Threat Intelligence Analyst (CTIA) — Question 30

An attacker instructs bots to use camouflage mechanism to hide his phishing and malware delivery locations in the rapidly changing network of compromised bots. In this particular technique, a single domain name consists of multiple IP addresses.
Which of the following technique is used by the attacker?

Answer options

• A. DNS zone transfer
• B. Dynamic DNS
• C. DNS interrogation
• D. Fast-Flux DNS

Correct answer: D

Explanation

The correct answer is Fast-Flux DNS, which allows an attacker to rapidly change the IP addresses associated with a single domain, making it difficult to track and mitigate. DNS zone transfer and DNS interrogation are not related to the dynamic changing of IPs for camouflage, while Dynamic DNS does update IPs but lacks the rapid flux characteristic that defines Fast-Flux DNS.