Which technique enables attackers to redirect users to a malicious website by corrupting the DNS cache?


Multiple Choice

Which technique enables attackers to redirect users to a malicious website by corrupting the DNS cache?

Explanation:
DNS cache poisoning is when a malicious actor corrupts a DNS resolver’s cached data so that a domain name resolves to an attacker‑controlled IP address. When a user asks for a site, the resolver stores the answer in its cache to speed up future lookups. If an attacker can inject a forged DNS response that matches what the resolver requested, the resolver will save the malicious IP in the cache. Then, subsequent requests for that domain will be directed to the malicious site until the cache entry expires.

This is why the technique is so effective: it exploits the trust placed in the DNS resolution process and the caching mechanism to redirect traffic without any warning to the user. Historically, attacks exploited weaknesses in how responses were validated (such as insufficient randomness in transaction IDs and port numbers). Modern defenses include DNSSEC, which provides cryptographic validation of DNS data, and better resolver hardening such as randomized query identifiers and ports to prevent spoofed responses.

Other options involve different layers or methods: ARP spoofing manipulates local network address mapping; phishing relies on deceiving users rather than altering DNS data; SQL injection targets application databases. DNS cache poisoning specifically alters DNS data to redirect users.
