Exam 312-50v13 topic 1 question 69 discussion

A. Unspecified proxy activities Explanation: In the scenario, Clark is using multiple domains pointing to the same host, likely for the purpose of switching between domains quickly to avoid detection. This behavior aligns with unspecified proxy activities, where the attacker uses various methods to mask their true actions or obfuscate their presence on a network. By using multiple domains pointing to the same host, Clark is trying to avoid detection by security measures that might track a single domain or IP address.

DNS tunneling is the correct.

Unspecified Proxy Activities An adversary can create and configure multiple domains pointing to the same host, thus, allowing an adversary to switch quickly between the domains to avoid detection. Security professionals can find unspecified domains by checking the data feeds that are generated by those domains. Using this data feed, the security professionals can also find any malicious files downloaded and the unsolicited communication with the outside network based on the domains. ▪ Use of Command-Line Interface On gaining access to the target system, an adversary can make use of the command-line interface to interact with the target system, browse the files, read file content, modify file content, create new accounts, connect to the remote system, and download and install malicious code. Security professionals can identify this behavior of an adversary by checking the logs for process ID, processes having arbitrary letters and numbers, and malicious files downloaded from the Internet.

A. This is an unspecified proxy activities.

Answer is A.