Question

A penetration tester has obtained access to an IP network subnet that contains ICS equipment intercommunication. Which of the following attacks is MOST likely to succeed in creating a physical effect?

1. DNS cache poisoning.

2. Record and replay.

3. Supervisory server SMB.

4. Blind SQL injection.

Answer 1

DNS cache poisoning.

Explanation:- First lets look at what all these terms actually means.

DNS cache poisoning can locate and then exploit vulnerabilities that exist in a DNS, or domain name system.

In Record and Replay can run tests without programming knowledge using tools that allows you to manually perform actions in the browser and save them as a test.

Using the SMB protocol, an application or user can access files or other resources at a remote server and perform operations like read, create, and update on that remote server. Supervisory server SMB deals with identifying this type of attack.

Blind SQL injection arises when an application is susceptible to SQL injection and its HTTP responses doesn't contain the results of SQL query or the small print of any database errors.

Since, in the given problem the penetration tester has obtained access to an IP network subnet which is a logical subdivision of an IP address and DNS is a directory of names that match with numbers of these IP addresses. It means this is indirectly related to DNS that is why this vulnerability can be regarded as DNS cache poisoning.