What are the two ways threat actors use NTP? (Choose two.)

  • Threat actors use NTP systems to direct DDoS attacks.
  • They place iFrames on a frequently used corporate web page.
  • They encode stolen data as the subdomain portion where the nameserver is under control of an attacker.
  • They place an attachment inside an email message.
  • They attack the NTP infrastructure in order to corrupt the information used to log the attack.
Explanation & Hint:

Threat actors can exploit Network Time Protocol (NTP) in a few ways, primarily because an NTP server can respond to a request with significantly more data than the request itself contains. Two ways that threat actors use NTP are:

  1. Threat actors use NTP systems to direct DDoS attacks: NTP can be used in amplification attacks, which are a type of Distributed Denial of Service (DDoS) attack. The attacker sends a request to the NTP server with a spoofed source IP address (the target’s address). The server replies to that spoofed address with significantly more data than the request contained, flooding the target with traffic and overwhelming its resources.
  2. They attack the NTP infrastructure in order to corrupt the information used to log the attack: By disrupting the NTP infrastructure, threat actors could potentially alter timestamps in logs, making it difficult for security analysts to correlate events and understand the sequence of an attack. This could be used to obfuscate the details of an attack or to confuse the incident response process.

The other options listed, such as placing iFrames on a web page, encoding stolen data in DNS queries, and sending malicious email attachments, do not directly involve the abuse of the NTP protocol. Those are separate attack methods not specifically related to NTP exploitation.
