PrepAway - Latest Free Exam Questions & Answers

Which of the following BEST describes the type of attack that is occurring?

Which of the following BEST describes the type of attack that is occurring? (Select TWO).

PrepAway - Latest Free Exam Questions & Answers

A.
DNS spoofing

B.
Man-in-the-middle

C.
Backdoor

D.
Replay

E.
ARP attack

F.
Spear phishing

G.
Xmas attack

Explanation:
We have a legit bank web site and a hacker bank web site. The hacker has a laptop connected to
the network. The hacker is redirecting bank web site users to the hacker bank web site instead of
the legit bank web site. This can be done using two methods: DNS Spoofing and ARP Attack
(ARP Poisoning).
A: DNS spoofing (or DNS cache poisoning) is a computer hacking attack, whereby data is
introduced into a Domain Name System (DNS) resolver’s cache, causing the name server to
return an incorrect IP address, diverting traffic to the attacker’s computer (or any other computer).
A domain name system server translates a human-readable domain name (such as example.com)
into a numerical IP address that is used to route communications between nodes. Normally if the
server doesn’t know a requested translation it will ask another server, and the process continues
recursively. To increase performance, a server will typically remember (cache) these translations
for a certain amount of time, so that, if it receives another request for the same translation, it can
reply without having to ask the other server again.
When a DNS server has received a false translation and caches it for performance optimization, it

is considered poisoned, and it supplies the false data to clients. If a DNS server is poisoned, it
may return an incorrect IP address, diverting traffic to another computer (in this case, the hacker
bank web site server).
E: Address Resolution Protocol poisoning (ARP poisoning) is a form of attack in which an attacker
changes the Media Access Control (MAC) address and attacks an Ethernet LAN by changing the
target computer’s ARP cache with a forged ARP request and reply packets. This modifies the
layer -Ethernet MAC address into the hacker’s known MAC address to monitor it. Because the
ARP replies are forged, the target computer unintentionally sends the frames to the hacker’s
computer first instead of sending it to the original destination. As a result, both the user’s data and
privacy are compromised. An effective ARP poisoning attempt is undetectable to the user.
ARP poisoning is also known as ARP cache poisoning or ARP poison routing (APR).


Leave a Reply