Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

The SecOps Group Exam CNSP Topic 8 Question 3 Discussion

Actual exam question for The SecOps Group's CNSP exam
Question #: 3
Topic #: 8
[All CNSP Questions]

You are performing a security audit on a company's infrastructure and have discovered that the domain name system (DNS) server is vulnerable to a DNS cache poisoning attack. What is the primary security risk?

Show Suggested Answer Hide Answer
Suggested Answer: A

DNS cache poisoning, also known as DNS spoofing, involves an attacker injecting false DNS records into a resolver's cache, altering how domain names resolve.

Why A is correct: The primary risk is that an attacker can redirect users to malicious websites (e.g., phishing or malware sites) by poisoning the DNS cache with fake IP addresses. This can lead to credential theft, data exfiltration, or malware distribution. CNSP identifies this as the core threat of DNS cache poisoning, aligning with real-world attack vectors.

Why other option is incorrect:

B . Manipulate the cache of the web server or proxy server: This describes web cache poisoning, a different attack targeting HTTP caches, not DNS servers. DNS cache poisoning affects DNS resolution, not web or proxy server caches directly.


by Laticia at Mar 23, 2025, 06:33 AM

Limited Time Offer

25%

Off

Get Premium CNSP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Merrilee
11 days ago
That's also a valid point. It could lead to users accessing fake websites or receiving false information.
upvoted 0 times
...
Christiane
14 days ago
But what about the risk of an attacker manipulating the cache to return incorrect content for a specific URL or web page?
upvoted 0 times
...
Dalene
15 days ago
I agree with Merrilee. That's a major concern with DNS cache poisoning attacks.
upvoted 0 times
...
Alesia
16 days ago
Hmm, this is a tough one. But I think A is the way to go. Redirecting traffic to a shady site sounds like a recipe for disaster. Unless the attacker is planning to fill the cache with cat memes, in which case I'm all for it.
upvoted 0 times
...
Andra
17 days ago
Haha, this is a classic 'pick your poison' kind of question. I'll have to go with A though, because who knows what kind of nefarious schemes the bad guys could cook up on that malicious site. I'd rather not find out the hard way!
upvoted 0 times
...
Alberta
18 days ago
I'd have to go with B. Manipulating the cache to serve up false content could be just as dangerous, if not more so. Imagine an attacker hijacking a banking website, yikes!
upvoted 0 times
...
Merrilee
19 days ago
I think the primary risk is that an attacker could redirect traffic to a malicious website and steal sensitive information.
upvoted 0 times
...
Fairy
28 days ago
Definitely option A. Redirecting traffic to a malicious site is the biggest risk here. That could lead to some serious data breaches and identity theft.
upvoted 0 times
Gennie
2 days ago
B) I agree, that would be a major security concern. We need to address this vulnerability as soon as possible.
upvoted 0 times
...
Joanna
7 days ago
Option A is definitely the primary risk. Redirecting traffic to a malicious site could lead to data breaches and identity theft.
upvoted 0 times
...
Ty
13 days ago
A) The primary risk is that an attacker could redirect traffic to a malicious website and steal sensitive information.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77