- Limit the number of simultaneously opened browsers or browser tabs.
- Monitor DNS proxy server logs and look for unusual DNS queries.
- Use IPS/IDS devices to scan internal corporate traffic.
- Limit the number of DNS queries permitted within the organization.
Explanation: DNS queries for randomly generated domain names or extremely long random-appearing DNS subdomains should be considered suspicious. Cyberanalysts could do the following for DNS-based attacks:
Analyze DNS logs.
Use a passive DNS service to block requests to suspected CnC and exploit domains.
More Questions: CyberOps Associate (Version 1.0) – CyberOps Associate 1.0 Practice Final exam
More Questions: CCNA Cyber Ops Chapter 11 Exam Answers