Exam CS0-001 topic 1 question 243 discussion

Actual exam question from CompTIA's CS0-001

Question #: 243
Topic #: 1

A security analyst is reviewing packet captures to determine the extent of success during an attacker's reconnaissance phase following a recent incident.
The following is a hex and ASCII dump of one such packet:

Which of the following BEST describes this packet?

A. DNS BIND version request
B. DNS over UDP standard query
C. DNS over TCP server status query
D. DNS zone transfer request

Show Suggested Answer

Suggested Answer: A 🗳️

by s3curity1 at June 1, 2020, 3:11 p.m.

Comments

Submit Cancel

OnA_Mule

2 years, 1 month ago

Selected Answer: B

The first 12 bytes represent the destination MAC address, source MAC address, and EtherType. The next 20 bytes represent the IP header with source and destination IP addresses and protocol type (UDP). The next 12 bytes represent the UDP header with source and destination ports. 50 18 fb 90 - The next 4 bytes represent the DNS header, where "50 18" represents the DNS identification number, and "fb 90" represents the flags. The next 10 bytes represent the DNS question section. The next 2 bytes represent the DNS answer section. The next 4 bytes represent the DNS name server records section. The next 17 bytes represent the DNS additional records section. The last 3 bytes represent the DNS additional records section. Therefore, the packet is a DNS over UDP standard query that requests the IP address of "comp.tia" with identification number "50 18".

upvoted 1 times

...

[Removed]

4 years, 7 months ago

"when you see this displayed in Wireshark – all the ……… in between the letters and other words – tells you that it is an ISC BIND PATCH — the only answer for DNS BIND is listed above…" Source: https://vceguide.com/which-of-the-following-best-describes-this-packet/

upvoted 1 times