Lab 22

Question 1

What is the approximate time interval between type 1 queries to badsite.ru?

1 second
5 seconds
20 seconds
1 minute

Answer 1

5 seconds

Question 2

Which of the following statements are true in regards to the output from the ping command just entered?

The FQDN resolves to a public IP address
No ECHO_REPLIES are received
The domain name resolves to the loopback address
The query operations are being filtered

Answer 2

The domain name resolves to the loopback address

Question 3

If there is an abuse or a problem related to the domain name comptia.org, what contact point should be used to report the issue?

armando.ns.cloudflare.com
dns@cloudflare.com
abuse@dns.cloudflare.com
abuse@dns.cloudflare.com

Answer 3

dns@cloudflare.com

Question 4

Why is beaconing an important IoC to look for?

It indicates active malware attempting to contact a C&C.
It is evidence of buffer overflow exploits.
It is triggered by any malicious activity.
It may use polymorphism to hide its identity.

Answer 4

It indicates active malware attempting to contact a C&C.

Question 5

What is the primary limitation of the automation used to block access to malicious FQDNs?

it protects against both the FQDN and the related IP address
it blocks reverse lookups
it allows secure access to the FQDNs of concern
It only protects the individual system where it runs

Answer 5

It only protects the individual system where it runs

Question 6

In what two modes can nslookup be used? (Select two)

Interactive
Recursive
Automatic
Iterative
Non-interactive

Answer 6

Interactive
Non-interactive

Question 7

Which option in dig will let you select the DNS record type to return?

-r
-t
-d
-z

Answer 7

-t

Question 8

What is the repeated attempt to resolve a FQDN on a regular interval by unknown software called?

port scanning
DNS spoofing
shell injection
beaconing

Answer 8

beaconing