Question 10 of 10

Explain how you would use log analysis to detect DNS tunneling or DNS exfiltration. What specific patterns would you look for in DNS logs, and what makes this type of attack difficult to detect?

Sample answer preview

DNS tunneling is a technique where an attacker uses DNS queries and responses to smuggle data in and out of a network. Since DNS traffic is almost universally allowed through firewalls and often receives minimal scrutiny from security tools, it provides a covert channel that can…

Tags: DNS tunneling, DNS exfiltration, TXT records, entropy analysis, base64 encoding, covert channel
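As an added illustration (not part of the original page or its model answer), here is how the patterns the question asks about, high-entropy subdomain labels, unusually long labels and a TXT-heavy mix of many unique subdomains, can be scored over DNS resolver logs. The log line format, the domains and the encoded-looking labels are all constructed for this example.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines (not from the page), "<time> <client> <qtype> <qname>".
# The three corp-update.net labels are constructed stand-ins for encoded payload chunks.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 A www.example.com
2024-05-01T10:00:02Z 10.0.0.5 A mail.example.com
2024-05-01T10:00:03Z 10.0.0.7 TXT abcdefghijklmnopqrstuvwxyz234567.t.corp-update.net
2024-05-01T10:00:04Z 10.0.0.7 TXT bcdefghijklmnopqrstuvwxyz234567a.t.corp-update.net
2024-05-01T10:00:05Z 10.0.0.7 TXT cdefghijklmnopqrstuvwxyz234567ab.t.corp-update.net
2024-05-01T10:00:06Z 10.0.0.5 A cdn.example.com
"""

def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking encoded labels score far above normal hostnames."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def parse_line(line: str) -> dict:
    """Split one log line; 'base' is a crude registered domain (last two labels, no PSL)."""
    _, client, qtype, qname = line.split()
    labels = qname.lower().rstrip(".").split(".")
    return {"client": client, "qtype": qtype, "base": ".".join(labels[-2:]), "sub_labels": labels[:-2]}

def score_domains(log_text: str, entropy_min=3.5, label_len_min=30, min_queries=3) -> dict:
    """Aggregate per base domain and return {base: [reasons]} for the suspicious ones."""
    stats = defaultdict(lambda: {"queries": 0, "txt": 0, "subs": set(), "ent": 0.0, "longest": 0})
    for line in log_text.strip().splitlines():
        r = parse_line(line)
        st = stats[r["base"]]
        sub = "".join(r["sub_labels"])           # everything left of the base domain
        st["queries"] += 1
        st["txt"] += 1 if r["qtype"] == "TXT" else 0
        st["subs"].add(sub)
        st["ent"] += shannon_entropy(sub)
        st["longest"] = max(st["longest"], max((len(l) for l in r["sub_labels"]), default=0))
    flagged = {}
    for base, st in stats.items():
        reasons = []
        if st["queries"] >= min_queries and st["ent"] / st["queries"] >= entropy_min:
            reasons.append("high mean subdomain entropy")
        if st["longest"] >= label_len_min:      # DNS labels max out at 63 octets
            reasons.append("unusually long label")
        if st["txt"] / st["queries"] > 0.5 and len(st["subs"]) >= min_queries:
            reasons.append("TXT-heavy with many unique subdomains")
        if reasons:
            flagged[base] = reasons
    return flagged
```

On the constructed sample only corp-update.net is flagged, on all three counts; in production the thresholds should be tuned against a baseline of the environment's own DNS traffic, since CDNs and some security products also generate long, high-entropy names.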
