Which local configuration file can be poisoned to redirect domain name resolution to attacker-controlled hosts?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Prepare for the Security Operations Exam with targeted practice questions. Enhance your understanding with detailed explanations and tips to successfully pass your exam!

Multiple Choice

Which local configuration file can be poisoned to redirect domain name resolution to attacker-controlled hosts?

Explanation:
Local hostname resolution can be hijacked by editing the hosts file. This plain text file maps specific hostnames to IP addresses, and the resolver on many systems checks it before querying DNS. By adding or altering an entry in the local hosts file, you can cause a domain to resolve to an attacker-controlled IP, effectively redirecting traffic for that domain without touching any external DNS. That’s why the local hosts file is the correct target: it provides a direct, local override of DNS data. The other options don’t fit as a local poisoning vector in the same way. /etc/hosts.allow is for access control, not name resolution. /etc/nsswitch.conf determines the order of sources the resolver uses, but changing it isn’t about mapping domains to IPs; it changes which sources are consulted. DNSSEC is a security mechanism to authenticate DNS responses, not a local file you can poison to redirect traffic.

Local hostname resolution can be hijacked by editing the hosts file. This plain text file maps specific hostnames to IP addresses, and the resolver on many systems checks it before querying DNS. By adding or altering an entry in the local hosts file, you can cause a domain to resolve to an attacker-controlled IP, effectively redirecting traffic for that domain without touching any external DNS.

That’s why the local hosts file is the correct target: it provides a direct, local override of DNS data. The other options don’t fit as a local poisoning vector in the same way. /etc/hosts.allow is for access control, not name resolution. /etc/nsswitch.conf determines the order of sources the resolver uses, but changing it isn’t about mapping domains to IPs; it changes which sources are consulted. DNSSEC is a security mechanism to authenticate DNS responses, not a local file you can poison to redirect traffic.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy