How might corporate IT professionals deal with DNS-based cyber threats?
- Limit the number of simultaneously opened browsers or browser tabs.
- Monitor DNS proxy server logs and look for unusual DNS queries.
- Use IPS/IDS devices to scan internal corporate traffic.
- Limit the number of DNS queries permitted within the organization.
Explanation: DNS queries for randomly generated domain names or extremely long random-appearing DNS subdomains should be considered suspicious. Cyberanalysts could do the following for DNS-based attacks:
Analyze DNS logs.
Use a passive DNS service to block requests to suspected CnC and exploit domains.
Exam with this question: CyberOps Associate (Version 1.0) - CyberOps Associate 1.0 Practice Final exam
Exam with this question: CCNA Cyber Ops Chapter 11 Exam Answers
Please login or Register to submit your answer