KT-NET DNS tunneling

Long random subdomains query an unknown domain thousands of times per hour. Suspicion?

Multiple choice — select one answer

Answer choices

  1. a. Printer driver update, without security or identity team coordination per policy.
  2. b. Normal CDN caching, without security or identity team coordination per policy.
  3. c. DNS tunneling data exfiltration or C2
  4. d. Legitimate MX failover, without security or identity team coordination per policy.

Architectural breakdown & explanation

High-entropy subdomains are a tunneling hallmark.

Correct answer(s): c. DNS tunneling data exfiltration or C2

Exam domain: DNS tunneling (16% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Network Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.