CertNexus CFR-410 Exam - Topic 3 Question 23 Discussion

Actual exam question for CertNexus's CFR-410 exam
Question #: 23
Topic #: 3

During a malware-driven distributed denial of service attack, a security researcher found excessive requests to a name server referring to the same domain name and host name encoded in hexadecimal. The malware author used which type of command and control?

Suggested Answer: B, E
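
The traffic pattern in the question (many queries to one domain whose host names are hex-encoded) can be flagged in resolver logs. The following is an added example, not part of the original page; the log format, the 16-character hex threshold, the query-count and ratio thresholds, and the function names are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample resolver log (not from the page): "<time> <client> <qtype> <qname>"
SAMPLE_LOG = """\
10:00:01 10.0.0.5 TXT 73657373696f6e2d30303031.t.example.net
10:00:02 10.0.0.5 TXT 73657373696f6e2d30303032.t.example.net
10:00:02 10.0.0.7 TXT 73657373696f6e2d30303033.t.example.net
10:00:03 10.0.0.5 TXT 73657373696f6e2d30303034.t.example.net
10:00:03 10.0.0.7 TXT 73657373696f6e2d30303035.t.example.net
10:00:04 10.0.0.5 A www.example.org
10:00:05 10.0.0.9 A mail.example.org
10:00:06 10.0.0.9 A static-assets-eu-west.example.org
10:00:07 10.0.0.9 A www.example.org
10:00:08 10.0.0.9 A www.example.org
"""

# A label made only of hex digits and at least 16 characters long (assumed threshold).
HEX_LABEL = re.compile(r"[0-9a-f]{16,63}")

def split_parent(qname, levels=2):
    """Naive split into (parent domain, host labels); ignores the public suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-levels:]), labels[:-levels]

def find_hex_dns_candidates(log_text, min_queries=5, min_hex_ratio=0.8):
    """Return parent domains whose queries are mostly hex-encoded host names."""
    stats = defaultdict(lambda: {"total": 0, "hex": 0, "names": set(), "clients": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, _, qname = fields
        parent, host_labels = split_parent(qname)
        entry = stats[parent]
        entry["total"] += 1
        if any(HEX_LABEL.fullmatch(label) for label in host_labels):
            entry["hex"] += 1
            entry["names"].add(qname.lower())
            entry["clients"].add(client)
    findings = {}
    for parent, e in stats.items():
        # Flag only busy domains where hex-looking names dominate the query volume.
        if e["total"] >= min_queries and e["hex"] / e["total"] >= min_hex_ratio:
            findings[parent] = {"queries": e["total"], "unique_hex_names": len(e["names"]),
                                "clients": sorted(e["clients"])}
    return findings

if __name__ == "__main__":
    print(find_hex_dns_candidates(SAMPLE_LOG))
```

Volume alone does not trigger a finding: `example.org` also receives five queries in the sample but none of its host labels are hex strings, so only `example.net` is reported.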

Contribute your Thoughts:

Dean
3 months ago
I agree, Dnscat2 fits the description perfectly!
upvoted 0 times
...
Princess
4 months ago
Wait, are we sure it’s not FTP? That seems odd.
upvoted 0 times
...
Teri
4 months ago
Definitely sounds like a custom channel setup.
upvoted 0 times
...
Antonio
4 months ago
I thought IRC was more common for this type of attack.
upvoted 0 times
...
Aretha
4 months ago
Dnscat2 is often used for C2 in these cases.
upvoted 0 times
...
Antonio
4 months ago
I keep mixing up Dnscat2 and custom channels; both seem like they could fit, but I lean towards Dnscat2 for this scenario.
upvoted 0 times
...
Lanie
5 months ago
This question feels familiar; I think we had a practice question about malware using DNS for communication.
upvoted 0 times
...
Socorro
5 months ago
I'm not entirely sure, but I think IRC is more about chat and not specifically for DDoS attacks.
upvoted 0 times
...
Anjelica
5 months ago
I remember studying Dnscat2 in class, and it uses DNS for command and control, which seems relevant here.
upvoted 0 times
...
Salena
5 months ago
The question mentions a distributed denial of service attack, so I'm thinking the malware is trying to hide its command and control channel. That makes me suspect it's using a custom channel rather than a standard protocol like IRC or FTP.
upvoted 0 times
...
Gail
5 months ago
Okay, so the malware is using excessive requests to a name server, which points to a DNS-based command and control. I'm pretty sure the answer is Dnscat2.
upvoted 0 times
...
Lyla
5 months ago
This seems like a tricky one. I'll need to think through the details carefully to figure out the right command and control method.
upvoted 0 times
...
Hortencia
5 months ago
Hmm, the hexadecimal encoding of the domain and host name is a good clue. I'm leaning towards Dnscat2 as the answer, but I want to double-check my understanding.
upvoted 0 times
...
Cordelia
5 months ago
This is a tough one, but I feel confident in my knowledge of audits and management reviews. I'll carefully analyze each statement and choose the correct answer.
upvoted 0 times
...
Jani
5 months ago
I'm pretty sure the ABC approach is about classifying inventory based on the total amounts required, so I'll go with option B.
upvoted 0 times
...
Deeanna
5 months ago
Okay, I think I've got this. The key is to prevent the packets from taking the direct path, so I'll go with option B to set L2 Unknown Unicast to Hardware Proxy.
upvoted 0 times
...
Charolette
5 months ago
From my practice questions, I feel like Service Requests can be handled by the Service Desk staff, which might make statement 3 true.
upvoted 0 times
...
Luther
10 months ago
FTP? Seriously? That's like using a carrier pigeon to send your malware instructions. Dnscat2 all the way, baby!
upvoted 0 times
Myong
9 months ago
C) Custom channel
upvoted 0 times
...
Anglea
9 months ago
B) Dnscat2
upvoted 0 times
...
Shelia
10 months ago
A) Internet Relay Chat (IRC)
upvoted 0 times
...
...
Nathan
11 months ago
IRC? Really? What is this, the early 2000s? Gotta be Dnscat2, that's the newest and most sophisticated-sounding option.
upvoted 0 times
Mirta
9 months ago
Dnscat2 is the way to go for this type of command and control.
upvoted 0 times
...
Art
9 months ago
Definitely not FTP, that's too basic.
upvoted 0 times
...
Dominga
10 months ago
Yeah, IRC seems outdated for this kind of attack.
upvoted 0 times
...
Dorthy
10 months ago
I think it's Dnscat2 too, sounds more advanced.
upvoted 0 times
...
...
Aleisha
11 months ago
I'm not sure, but I think C) Custom channel could also be a possibility.
upvoted 0 times
...
Brunilda
11 months ago
Custom channel? Sounds like the malware author was trying to be a special snowflake. I'll go with B, Dnscat2, it's the most technical-sounding one.
upvoted 0 times
Lauryn
10 months ago
Yeah, it seems like the most likely choice for this scenario.
upvoted 0 times
...
Josephine
10 months ago
I agree, Dnscat2 does sound pretty technical.
upvoted 0 times
...
...
Lorenza
11 months ago
Dnscat2? Sounds like a dance move to me! But hey, at least it's not FTP - that's so 90s.
upvoted 0 times
...
Shenika
11 months ago
I agree with Sophia, Dnscat2 makes sense in this scenario.
upvoted 0 times
...
Sophia
11 months ago
I think the answer is B) Dnscat2.
upvoted 0 times
...
