While threat hunting, you notice several compromised workstations send 240-byte DNS TXT queries every 60 seconds to a domain registered only two weeks earlier. Base64 strings appear in the responses. Within the context of an APT kill chain, what tactic is most likely occurring, and what data should you focus on to confirm it?
Initial access through spear-phishing; review inbound email headers and attachment hashes.
Lateral movement with SMB sessions; capture internal SMB traffic and NetBIOS name queries.
Data exfiltration over a DNS tunneling channel; measure and decode the outbound TXT record payloads.
Regular, fixed-size TXT queries that carry base64 data strongly suggest DNS tunneling. Mature APT groups often rely on this channel once inside the network to quietly move stolen information past perimeter controls. To verify that the channel is being used for exfiltration, you would examine the volume, size and decoded content of the outbound TXT payloads. The other options describe activities (initial spear-phishing, Kerberos abuse for privilege escalation, lateral SMB movement) that would not normally rely on repetitive TXT traffic to an external domain.
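One way to run the confirmation step described above, as an added example that is not part of the original question or the site's material: it flags client/domain pairs whose TXT traffic is periodic, fixed-size and base64-bearing, and totals the decoded payload bytes. The record layout, thresholds, function names and sample data are constructed assumptions; checking the domain's registration age would need a separate WHOIS or passive-DNS lookup.

```python
import base64, binascii, statistics
from collections import defaultdict

def make_sample():
    """Constructed records: (epoch_s, client_ip, qtype, qname, query_bytes, txt_payload)."""
    recs = []
    for i in range(6):  # beacon-like host: 240-byte TXT query every 60 s
        blob = base64.b64encode(f"chunk-{i:02d}-constructed".encode()).decode()
        recs.append((1000 + 60 * i, "10.0.0.5", "TXT", f"q{i}.example-new.test", 240, blob))
    # ordinary host: irregular timing, varied sizes, SPF-style TXT data
    for ts, size in [(1003, 71), (1210, 64), (1222, 90), (1790, 58), (2400, 66)]:
        recs.append((ts, "10.0.0.9", "TXT", "mail.example.org", size, "v=spf1 include:_spf.example.org ~all"))
    return recs

def registered_domain(qname):
    # Assumption: last two labels; production code should use the Public Suffix List.
    return ".".join(qname.rstrip(".").split(".")[-2:])

def is_base64(text, min_len=16):
    if len(text) < min_len or len(text) % 4:
        return False
    try:
        base64.b64decode(text, validate=True)  # rejects non-alphabet characters
        return True
    except (binascii.Error, ValueError):
        return False

def find_tunnel_candidates(records, min_queries=5, max_jitter=2.0, min_b64_ratio=0.8):
    groups = defaultdict(list)
    for ts, client, qtype, qname, size, payload in records:
        if qtype == "TXT":
            groups[(client, registered_domain(qname))].append((ts, size, payload))
    findings = []
    for (client, domain), rows in groups.items():
        if len(rows) < min_queries:
            continue
        rows.sort()
        gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:])]
        jitter = statistics.pstdev(gaps)           # near zero for a fixed beacon interval
        sizes = {size for _, size, _ in rows}      # one element means fixed-size queries
        b64_ratio = sum(is_base64(p) for _, _, p in rows) / len(rows)
        if jitter <= max_jitter and len(sizes) == 1 and b64_ratio >= min_b64_ratio:
            findings.append({"client": client, "domain": domain, "queries": len(rows),
                             "interval": statistics.mean(gaps), "query_bytes": sizes.pop(),
                             "decoded_bytes": sum(len(base64.b64decode(p)) for _, _, p in rows)})
    return findings
```
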
Certified Ethical Hacker (CEH)
System Hacking Phases and Attack Techniques