When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinhole enabled, generating a traffic log.
What will be the destination IP Address in that log entry?
Hmm, that's a good point. I didn't consider that possibility. But wouldn't that mean the traffic would still be routed to an external server, rather than being completely sinkholed? I'm leaning more towards C, just to be safe.
I'm not so sure about that. What if the sinkhole is configured to use the IP address of one of the external DNS servers identified in the anti-spyware database? Wouldn't that be D then?
Yeah, I agree with you. The sinkhole is designed to redirect the malware-infected host's traffic to a specific IP address, so C seems like the logical choice here. It's a pretty straightforward question, but I'm sure the exam will have some trickier ones too.
Hmm, this question seems to be testing our understanding of how DNS sinkholing works. I'm pretty sure the answer is C, the IP address specified in the sinkhole configuration. That's where the traffic would get redirected to, right?
upvoted 0 times
...
Log in to Pass4Success
Sign in:
Report Comment
Is the comment made by USERNAME spam or abusive?
Commenting
In order to participate in the comments you need to be logged-in.
You can sign-up or
login
Clemencia
8 months agoRaylene
8 months agoLawrence
7 months agoCammy
7 months agoLuis
8 months agoNilsa
8 months agoLon
8 months agoJean
8 months agoCatherin
8 months agoAvery
8 months agoTamar
8 months ago