06 Sep Practice Test Question – Domain Hijacking
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.
Pete is investigating a domain hijacking attack against his company that successfully redirected web traffic to a third-party website. Which one of the following techniques is the most effective way to carry out a domain hijacking attack?
A. Network eavesdropping
B. DNS poisoning
C. ARP poisoning
D. Social engineering
Correct Answer: D
In a domain hijacking attack, the attacker changes the registration of a domain with the registrar. DNS and ARP poisoning attacks may redirect web traffic, but they would do so by providing bogus address information, not by hijacking the domain. Network eavesdropping could theoretically be used to steal the credentials used to alter information with a registrar, but this is unlikely. The most likely route to a domain hijacking attack is social engineering of the registrar to gain access to the account used to manage registration information.