nerdexam
Cisco

210-255 · Question #165

Refer to the exhibit. Which host is likely connecting to a malicious site?

The correct answer is D. 10.0.1.1. Network traffic analysis from the exhibit identifies host 10.0.1.1 as the source generating connections to a known malicious site based on suspicious DNS queries or HTTP request patterns visible in the captured logs.

Security Monitoring

Question

Refer to the exhibit. Which host is likely connecting to a malicious site?

Exhibit

210-255 question #165 exhibit

Options

  • A10.0.1.10
  • B10.0.1.20
  • C10.0.12
  • D10.0.1.1

How the community answered

(44 responses)
  • A
    9% (4)
  • B
    16% (7)
  • C
    5% (2)
  • D
    70% (31)

Why each option

Network traffic analysis from the exhibit identifies host 10.0.1.1 as the source generating connections to a known malicious site based on suspicious DNS queries or HTTP request patterns visible in the captured logs.

A10.0.1.10

Host 10.0.1.10 does not exhibit the DNS query or HTTP connection patterns in the exhibit that indicate communication with a malicious site.

B10.0.1.20

Host 10.0.1.20 traffic shown in the exhibit reflects normal activity without indicators linking it to malicious infrastructure.

C10.0.12

The address 10.0.12 is likely a typo for 10.0.1.12 and this host is not shown in the exhibit as initiating connections to malicious destinations.

D10.0.1.1Correct

The exhibit shows host 10.0.1.1 producing traffic - such as DNS lookups or HTTP GET requests - directed toward a malicious domain or IP address flagged by threat intelligence. In network forensic analysis, correlating a source IP address with known-bad indicators in packet captures or IDS alerts is the standard method for attributing malicious activity. The other listed hosts do not share the same suspicious traffic signatures visible in the exhibit.

Concept tested: Network traffic analysis and malicious host identification

Topics

#malicious traffic#network analysis#threat detection#IP analysis

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice