Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CertNexus CFR-410 Exam - Topic 3 Question 23 Discussion

During a malware-driven distributed denial of service attack, a security researcher found excessive requests to a name server referring to the same domain name and host name encoded in hexadecimal. The malware author used which type of command and control?
B) Dnscat2
A) Internet Relay Chat (IRC)
C) Custom channel
D) File Transfer Protocol (FTP)

CertNexus CFR-410 Exam - Topic 3 Question 23 Discussion

Actual exam question for CertNexus's CFR-410 exam
Question #: 23
Topic #: 3
[All CFR-410 Questions]

During a malware-driven distributed denial of service attack, a security researcher found excessive requests to a name server referring to the same domain name and host name encoded in hexadecimal. The malware author used which type of command and control?

Show Suggested Answer Hide Answer
Suggested Answer: B, E

by Tonette at Oct 16, 2023, 04:50 PM

Limited Time Offer

25%

Off

Get Premium CFR-410 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Dean
7 months ago
I agree, Dnscat2 fits the description perfectly!
upvoted 0 times
...
Princess
7 months ago
Wait, are we sure it’s not FTP? That seems odd.
upvoted 0 times
...
Teri
7 months ago
Definitely sounds like a custom channel setup.
upvoted 0 times
...
Antonio
7 months ago
I thought IRC was more common for this type of attack.
upvoted 0 times
...
Aretha
7 months ago
Dnscat2 is often used for C2 in these cases.
upvoted 0 times
...
Antonio
7 months ago
I keep mixing up Dnscat2 and custom channels; both seem like they could fit, but I lean towards Dnscat2 for this scenario.
upvoted 0 times
...
Lanie
8 months ago
This question feels familiar; I think we had a practice question about malware using DNS for communication.
upvoted 0 times
...
Socorro
8 months ago
I'm not entirely sure, but I think IRC is more about chat and not specifically for DDoS attacks.
upvoted 0 times
...
Anjelica
8 months ago
I remember studying Dnscat2 in class, and it uses DNS for command and control, which seems relevant here.
upvoted 0 times
...
Salena
8 months ago
The question mentions a distributed denial of service attack, so I'm thinking the malware is trying to hide its command and control channel. That makes me suspect it's using a custom channel rather than a standard protocol like IRC or FTP.
upvoted 0 times
...
Gail
8 months ago
Okay, so the malware is using excessive requests to a name server, which points to a DNS-based command and control. I'm pretty sure the answer is Dnscat2.
upvoted 0 times
...
Lyla
8 months ago
This seems like a tricky one. I'll need to think through the details carefully to figure out the right command and control method.
upvoted 0 times
...
Hortencia
8 months ago
Hmm, the hexadecimal encoding of the domain and host name is a good clue. I'm leaning towards Dnscat2 as the answer, but I want to double-check my understanding.
upvoted 0 times
...
Cordelia
8 months ago
This is a tough one, but I feel confident in my knowledge of audits and management reviews. I'll carefully analyze each statement and choose the correct answer.
upvoted 0 times
...
Jani
8 months ago
I'm pretty sure the ABC approach is about classifying inventory based on the total amounts required, so I'll go with option B.
upvoted 0 times
...
Deeanna
8 months ago
Okay, I think I've got this. The key is to prevent the packets from taking the direct path, so I'll go with option B to set L2 Unknown Unicast to Hardware Proxy.
upvoted 0 times
...
Charolette
8 months ago
From my practice questions, I feel like Service Requests can be handled by the Service Desk staff, which might make statement 3 true.
upvoted 0 times
...
Luther
1 year ago
FTP? Seriously? That's like using a carrier pigeon to send your malware instructions. Dnscat2 all the way, baby!
upvoted 0 times
Myong
1 year ago
C) Custom channel
upvoted 0 times
...
Anglea
1 year ago
B) Dnscat2
upvoted 0 times
...
Shelia
1 year ago
A) Internet Relay Chat (IRC)
upvoted 0 times
...
...
Nathan
1 year ago
IRC? Really? What is this, the early 2000s? Gotta be Dnscat2, that's the newest and most sophisticated-sounding option.
upvoted 0 times
Mirta
1 year ago
Dnscat2 is the way to go for this type of command and control.
upvoted 0 times
...
Art
1 year ago
Definitely not FTP, that's too basic.
upvoted 0 times
...
Dominga
1 year ago
Yeah, IRC seems outdated for this kind of attack.
upvoted 0 times
...
Dorthy
1 year ago
I think it's Dnscat2 too, sounds more advanced.
upvoted 0 times
...
...
Aleisha
1 year ago
I'm not sure, but I think C) Custom channel could also be a possibility.
upvoted 0 times
...
Brunilda
1 year ago
Custom channel? Sounds like the malware author was trying to be a special snowflake. I'll go with B, Dnscat2, it's the most technical-sounding one.
upvoted 0 times
Lauryn
1 year ago
Yeah, it seems like the most likely choice for this scenario.
upvoted 0 times
...
Josephine
1 year ago
I agree, Dnscat2 does sound pretty technical.
upvoted 0 times
...
...
Lorenza
1 year ago
Dnscat2? Sounds like a dance move to me! But hey, at least it's not FTP - that's so 90s.
upvoted 0 times
...
Shenika
1 year ago
I agree with Sophia, Dnscat2 makes sense in this scenario.
upvoted 0 times
...
Sophia
1 year ago
I think the answer is B) Dnscat2.
upvoted 0 times
...

Save Cancel