12 Jan Practice Test Question-Attack Analysis

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Peter is analyzing network flow logs and finds that a server in his organization is sending a large amount of traffic to a single destination. Upon further investigation, he sees that the server is receiving very small repeated requests from the same source on UDP port 53 and sends very large responses. What type of attack should Peter suspect? A. DNS Amplification B. DNS Spoofing C. ARP Spoofing D. ARP Amplification Correct Answer: A UDP port 53 is used by the Domain Name Service (DNS), so we can immediately eliminate the two answers that are about ARP-based attacks.The attack described in this scenario is indicative of an amplification attack, where the DNS requests are spoofed with a false source address belonging to the attack victim. This causes the DNS server to flood the victim with traffic. While this attack does use IP spoofing to insert a false source address, it is not a DNS spoofing attack because no DNS information is tampered with during the attack.   Interested in more practice test questions?   Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...