Exam SY0-601 topic 1 question 1 discussion

C. DNS poisoning. The certificate mismatch warning suggests that the website is using a different SSL/TLS certificate than what the browser was expecting. This could happen if an attacker has tampered with the DNS resolution process, so the user is directed to a different server than the legitimate site. This type of attack is known as DNS poisoning, where an attacker corrupts or manipulates the DNS cache of a network to redirect users to malicious websites. On-path attacks involve intercepting and altering network traffic between the user and the website, while domain hijacking refers to the unauthorized transfer of a domain name from its rightful owner to another party. Evil twin attacks involve setting up a rogue wireless access point to impersonate a legitimate one in order to steal login credentials or other sensitive information. None of these scenarios fit the description given in the question.

The correct answer is C, DNS poisoning. If it were domain hijacking, the entire DNS server would be malicious, causing multiple, if not all, URLs to present a certificate mismatch error. In this case, only one URL does, so only that DNS record has been maliciously altered, making DNS poisoning the correct answer.

DNS poisoning - DNS poisoning occurs when hackers gain access to a DNS server and begins to redirect traffic to a different IP address by alternating a DNS record. For this question, DNS poisoning on HTTPS will result in a certificate mismatch error, which means a DNS record has been altered.

I hope this helps someone. In the event if a DNS poison or domain hijack: both bring the same result. However the question only stated one website with a "certificate error". Since we can't imply it is all websites we must refer to the domain being mentioned as the issue? How to verify is by going to a second website. There's not enough detail to make an assumption of DNS poisoning. Sec+ is meant to be a basic exam. Just know the differences between both and answer what you firmly believe to be the correct answer. In my opinion it is a Domain Hijack. The question didn't imply the website looks different either.

I feel like both (C) and (B) are correct answers but (C) is specific and the method is given while (B) is broad and can include DNS poisoning as Hijacking goes one step further and changes the DNS settings while DNS Poisoning only redirects the traffic using the DNS records so unless they give some specification on what is going on behind the scenes we cannot determine the answer between (B) and (C)

This attack is an example of domain hijacking. Domain hijacking is a type of cyber attack in which an attacker takes control of a domain name and redirects traffic intended for the legitimate domain to a different website. This can occur through a variety of methods, including hacking into the domain registrar's account, intercepting traffic intended for the legitimate domain, or using a man-in-the-middle attack to redirect traffic. In this case, it appears that the user is attempting to visit the website at https://www.site.com, but is being presented with a certificate mismatch warning. This could indicate that the domain has been hijacked and traffic is being redirected to a different website. The fact that the user does not receive a warning when visiting http://www.anothersite.com suggests that this is not a problem with the user's browser or the company's network, but rather with the specific domain that the user is trying to access.

c is the correct one!

The described attack is most consistent with DNS poisoning. The user’s traffic is being redirected to a malicious server that presents an incorrect SSL/TLS certificate, triggering the browser warning. Domain hijacking, on the other hand, involves gaining control of the domain itself and typically does not present as a certificate mismatch warning.

Domain hijacking: Domain hijacking involves unauthorized changes to the registration of a domain name. While it's related to unauthorized access to a domain, it's not directly related to SSL certificate mismatches.

This looks more like DNS poisoning rather than a hijacked website.

The hijack action allows them to change information within the website itself. Spoofing merely redirects to a fake website.

I think it is not clear if this is a DNS poisoning or a hijacked domain. The mismatch warning could be presented in both attacks. I think the information is incomplete and you would have to assume a part to select either option. But I would select DNS poisoning, the reasin would be that when going to a HTTPS website, it is giving the certificate mismatch error. When going to HTTP website it is not. It is common for DNS poisoning to target HTTPS as there is where the sensitive data is. So why would they make this difference? Also the fact that it is getting a certificate mismatch is an indication that the DNS records were manipulated and the user could be being redirected to a server with a maybe manipulated certificate by an attacker that has a certificate that is not the expected certificate.

This could be done by either Domain hijacking OR DNS poisoning. there's not enough information to answer this question

As option A & D are eliminated because there is no man in middle attack which is one type of on-path attack and D is there is no wifi access . Now from Option B (Domain Hijacking) there is no change in the DNS name.Option C DNS poisoning redirects the end used to fraudulent version.

I would go with C

B，DNS Poisoning focuses on the DNS records – changing them, which results in the domain resolving the wrong IP address.

correct answer is c