nerdexam
EC-Council

312-50V13 · Question #369

You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was

Sign in or unlock 312-50V13 to reveal the answer and full explanation for question #369. The question stem and answer options stay visible for context.

Submitted by viktor_hu· Mar 6, 2026Malware Threats

Question

You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

Options

  • AIDS log
  • BEvent logs on domain controller
  • CInternet Firewall/Proxy log.
  • DEvent logs on the PC

Unlock 312-50V13 to see the answer

You've previewed enough free 312-50V13 questions. Unlock 312-50V13 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Topics

#Incident response#C2 server#Firewall logs#malware communication
Full 312-50V13 Practice