Sam and a forensics team investigated and caught a hacker that had been attacking systems within their network. Sam uncovered a complete topology of their network, along with IP addresses, services running, and accounts for each and every device on the network. What did the hacker most likely carry out to obtain this information?
A.
Zone transfer
B.
Port scans
C.
Loki attacks
D.
Smurf attacks
Explanation:
The primary and secondary DNS servers synchronize their information
through a zone transfer. Changes take place to the primary DNS and then those
changes need to be replicated to the secondary DNS server. It is important to
configure the DNS server to only allow zone transfers to take place between the
specific servers. For years now attackers have been carrying out zone transfers to
gather very useful network information from victims DNS servers. Unauthorized zone
transfers can take place if the DNS server are not properly configured to restrict
this type of activity.
ZONE TRANSFER does not give our account information and services runnimg . From my perspective this answer is incorrect.
0
0
I think about Accounts, the question meant host names of devices, computers and their relevant IP addresses that a DNS server has.
0
0
Agreed with MK. DNS Zone transfer does not contain account or service information. Host names & IP addresses are a far cry from accounts & services.
0
0
Correct answer is A
0
0