DNS sinkhole attacks are well described here: https://www.sans.org/reading-room/whitepapers/dns/dns-sinkhole-33523#:~:text=A%20DNS%20sinkhole%20works%20by,these%20known%20hosts%20and%20domains.
C. Malware trying to resolve an unregistered domain name to determine if it is running in an isolated sandbox would make a DNS sinkhole effective in thwarting an attack. A DNS sinkhole is a technique used to redirect malicious traffic to a benign location, which can be an IP address on a controlled network, where the traffic can be monitored and analyzed. By redirecting the traffic to a sinkhole, the malware will be unable to connect to the real C&C server, and the attackers will lose their control over the malware. In this scenario, the sinkhole can be used to redirect the malware's attempt to resolve the unregistered domain name to a benign IP address.
D. DNS routing tables have been compromised, and an attacker is rerouting traffic to malicious websites.
A DNS sinkhole, also known as a sinkhole server, Internet sinkhole, or Blackhole DNS, is a DNS server that gives out a false result for a domain name.
A sinkhole is a DNS provider that supplies systems looking for DNS information with false results, allowing an attacker to redirect a system to a potentially malicious destination. DNS sinkholes have also historically been used for non-malicious purposes.
Answer C.
Reference:
The role that DNS played in thwarting this attack is fascinating. The malware was designed to try to resolve an unregistered domain to test whether it was executing in a sandboxed environment.
https://bluecatnetworks.com/blog/dns-helped-stop-wannacry-ransomware-attack/
Answer D is correct. From Wikipedia: A sinkhole is a standard DNS server that has been configured to hand out non-routable addresses for all domains in the sinkhole, so that every computer that uses it will fail to get access to the real site.
Ans: C.
Keyword is thwarting. Therefore it causes confusion to the malware.
Ans D, Does not show DNS sinkhole functionality.
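The sinkhole behaviour discussed in the comments above, as an added example that is not part of the original posts: a resolver policy that returns a false answer for blocklisted names, shown next to what the same query returns without the sinkhole, plus the per-client hit list a defender reads from the sinkhole's query log. All domain names, addresses and the query log are constructed for illustration.

```python
from collections import defaultdict

SINKHOLE_IP = "10.0.0.53"  # constructed: monitored internal host
BLOCKLIST = {"bad-c2.example", "killswitch-check.example"}  # constructed
# Constructed stand-in for real DNS data; any name missing here is unregistered.
REAL_ZONE = {
    "www.example.org": "198.51.100.7",
    "beacon.bad-c2.example": "203.0.113.66",
}

def normalize(qname):
    """Lower-case the name and drop a trailing root dot."""
    return qname.lower().rstrip(".")

def is_sinkholed(qname):
    """True if the name or any parent domain is on the blocklist."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels)))

def resolve(qname, sinkhole=True):
    """Return (rcode, address) for one A query."""
    if sinkhole and is_sinkholed(qname):
        return ("NOERROR", SINKHOLE_IP)  # false answer instead of the real one
    addr = REAL_ZONE.get(normalize(qname))
    return ("NOERROR", addr) if addr else ("NXDOMAIN", None)

def sinkhole_hits(queries):
    """Map each client to the blocklisted names it asked for."""
    hits = defaultdict(list)
    for client, qname in queries:
        if is_sinkholed(qname):
            hits[client].append(normalize(qname))
    return dict(hits)

# Constructed query log: (client address, queried name)
QUERIES = [
    ("192.0.2.10", "www.example.org"),
    ("192.0.2.23", "beacon.bad-c2.example."),    # registered C&C name
    ("192.0.2.23", "Killswitch-Check.example"),  # unregistered name
    ("192.0.2.10", "notbad-c2.example"),         # similar label, not a subdomain
]

if __name__ == "__main__":
    for client, qname in QUERIES:
        print(client, qname, resolve(qname, sinkhole=False), resolve(qname))
    print(sinkhole_hits(QUERIES))
```

For the unregistered name, the answer changes from NXDOMAIN to a successful resolution once the sinkhole is active, which is the case the comments arguing for C describe.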