GIAC Certified Incident Handler (GCIH) — Question 192
attacker.evil.org is attempting to insert a poisoned cache entry for www.moneybags on the dns.victim.com DNS server using the Kaminsky method of DNS cache poisoning. Of the following choices, which would be an example of an effective query sent by the attacker?
Answer options
- A. redherring.dns.org
- B. greedy.moneybags.com
- C. bogus.victim.com
- D. help.evil.org
Correct answer: D
Explanation
The correct answer is D: help.evil.org is a query from the attacker's domain (evil.org), which is necessary for the Kaminsky method to work effectively. Options A, B, and C do not originate from the attacker's domain and would not facilitate the cache poisoning process.