What should a cybersecurity analyst look for to detect DNS tunneling?
- longer than average DNS queries
- incorrect MAC to IP address mappings
- gratuitous ARP requests
- rogue DHCP servers
Explanation: DNS tunneling can frequently be detected by looking for unusual DNS queries, such as those that are too long or query for an unusual domain name.
Exam with this question: 17.2.8 Check Your Understanding - Network Services Attacks
Please login or Register to submit your answer