KT-NET DNS tunneling

DNS analytics show long random subdomains to a newly registered domain from one server. Action?

Multiple choice — select one answer

Answer choices

  1. a. Allow the traffic because DNS is encrypted with DNSSEC by default, without security or identity team coordination per policy.
  2. b. Block the domain, isolate the server, and inspect processes making DNS queries
  3. c. Increase DNS TTL globally to reduce query volume on resolvers, without security or identity team coordination per policy.
  4. d. Disable DNS logging to improve resolver performance during business hours, without security or identity team coordination per policy.

Architectural breakdown & explanation

High-entropy subdomains may encode exfiltrated data via DNS tunneling.

Correct answer(s): b. Block the domain, isolate the server, and inspect processes making DNS queries

Exam domain: DNS tunneling (16% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Network Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.