Analyze an unusual DNS server log to determine the most likely attack technique being used, such as footprinting the internal network, attempting initial access, or data exfiltration.
Question
A security analyst is reviewing the logs on an organization’s DNS server and notices the following unusual snippet:
Which of the following attack techniques was most likely used?
A. Determining the organization’s ISP-assigned address space
B. Bypassing the organization’s DNS sinkholing
C. Footprinting the internal network
D. Attempting to achieve initial access to the DNS server
E. Exfiltrating data from fshare.int.comptia.org
Answer
Based on the provided DNS server log snippet, the most likely attack technique being used is C. Footprinting the internal network.
Explanation
Footprinting is the process of gathering information about a target network in order to map out its infrastructure, servers, hosts, and other assets. The log shows a series of DNS lookups for various subdomains of int.comptia.org, which appears to be the organization’s internal domain.
The attacker seems to be querying for common server names and roles like “www”, “dns”, “adds” (Active Directory Domain Services), “fshare” (likely file sharing), and “sip” (Session Initiation Protocol for voice/video). This is a sign they are performing reconnaissance to footprint and map out key servers and services on the internal network.
The other answer choices are less likely:
A. The queries are for internal hostnames, not the ISP-assigned public IP address space of the organization.
B. There is no indication of DNS sinkholing (redirecting malicious domains to a benign IP). The queries are to legitimate internal hosts.
D. While gathering information is often a prerequisite, this log alone does not show an attempt at initial access or intrusion into the DNS server itself.
E. The queries could enable data exfiltration in the future by identifying file shares like “fshare”, but the log does not directly show data being exfiltrated at this point.
In summary, the key evidence for footprinting the internal network is the systematic series of DNS queries that map out important servers and services within the organization’s internal domain namespace.
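Detection logic for the pattern the explanation describes, as an added example that is not part of the original Q&A: it flags any source address that resolves many distinct hostnames under the internal zone within a short window, which is what a footprinting sweep looks like on the resolver. The log format is a simplified BIND-style query log and the sample lines are constructed (the page's own snippet is not reproduced); the zone, threshold and window are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (simplified BIND-style query log). The first source
# sweeps the hostnames named in the explanation; the other two are ordinary
# single lookups from internal clients.
SAMPLE_LOG = """\
10:01:02 client 203.0.113.7#5353: query: www.int.comptia.org IN A +
10:01:02 client 203.0.113.7#5353: query: dns.int.comptia.org IN A +
10:01:03 client 203.0.113.7#5353: query: adds.int.comptia.org IN A +
10:01:03 client 203.0.113.7#5353: query: fshare.int.comptia.org IN A +
10:01:04 client 203.0.113.7#5353: query: sip.int.comptia.org IN A +
10:01:04 client 203.0.113.7#5353: query: vpn.int.comptia.org IN A +
10:01:09 client 192.168.10.25#49213: query: www.int.comptia.org IN A +
10:02:30 client 192.168.10.31#50011: query: fshare.int.comptia.org IN A +
"""

QUERY_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) client (?P<src>[\d.]+)#\d+: "
    r"query: (?P<name>\S+) IN (?P<type>\S+)"
)

def to_seconds(hhmmss):
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s

def find_footprinting(log, zone, threshold=5, window=60):
    """Return {source_ip: sorted hostnames} for every source that queried at
    least `threshold` distinct hostnames under `zone` within `window` seconds."""
    per_src = defaultdict(list)          # src -> [(seconds, hostname)]
    suffix = "." + zone
    for line in log.splitlines():
        m = QUERY_RE.match(line)
        if not m or not m["name"].endswith(suffix):
            continue
        host = m["name"][: -len(suffix)]  # label(s) left of the zone
        per_src[m["src"]].append((to_seconds(m["time"]), host))
    hits = {}
    for src, events in per_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            # Distinct names in the sliding window that starts at this event.
            names = {h for t, h in events[i:] if t - t0 <= window}
            if len(names) >= threshold:
                hits[src] = sorted(names)
                break
    return hits

if __name__ == "__main__":
    print(find_footprinting(SAMPLE_LOG, "int.comptia.org"))
```

A single internal client resolving one file server is normal traffic; what separates footprinting is one source walking many service names in seconds, so tune the threshold against the resolver's baseline before alerting.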
This is a CompTIA SY0-701 certification exam practice question and answer, with a detailed explanation, made available free to help candidates prepare for and pass the SY0-701 exam.