nerdexam
EC-Council

312-50V10 · Question #141

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8. While monitoring the data, you find a high number of outbound connections. You

The correct answer is A. Botnet Attack. Multiple compromised internal hosts sending data to a single blacklisted external IP is the defining pattern of a botnet, where infected machines communicate with a centralized command-and-control server.

Malware Threats

Question

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8. While monitoring the data, you find a high number of outbound connections. You see that IP's owned by XYZ (Internal) and private IP's are communicating to a Single Public IP. Therefore, the Internal IP's are sending data to the Public IP. After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised. What kind of attack does the above scenario depict?

Options

  • ABotnet Attack
  • BSpear Phishing Attack
  • CAdvanced Persistent Threats
  • DRootkit Attack

How the community answered

(31 responses)
  • A
    77% (24)
  • B
    13% (4)
  • C
    6% (2)
  • D
    3% (1)

Why each option

Multiple compromised internal hosts sending data to a single blacklisted external IP is the defining pattern of a botnet, where infected machines communicate with a centralized command-and-control server.

ABotnet AttackCorrect

A botnet is a network of malware-infected devices (bots) controlled by a threat actor through a command-and-control (C&C) server. The scenario - many internal IPs compromised and funneling outbound traffic to one blacklisted public IP - matches the C&C beacon pattern exactly, confirming a botnet attack.

BSpear Phishing Attack

Spear phishing is a targeted social engineering technique delivered via email to trick specific individuals; it describes an initial attack vector, not an ongoing pattern of outbound network connections from multiple hosts.

CAdvanced Persistent Threats

Advanced Persistent Threats describe a stealthy, long-duration intrusion campaign by sophisticated actors; the term characterizes the attacker's methodology and persistence, not the specific network traffic pattern of many hosts beaconing one IP.

DRootkit Attack

A rootkit is malware that conceals its presence on a single compromised host at the OS level; it does not explain a network-wide pattern of multiple systems communicating outbound to a single external address.

Concept tested: Botnet command-and-control traffic pattern identification

Source: https://www.cisa.gov/news-events/news/understanding-botnets

Topics

#botnet#C2 server#compromised hosts#malware infection

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice