GIAC
GCIH · Question #561
A company is reviewing its systems. The review includes travelling laptops with insecure connections, and is focused on finding connections to known malicious locations. What would be an efficient way
The correct answer is A. Review DNS logs and caches from all machines against listing of malware domains. The DNS logs are one way of getting sites that were accessed even while traveling if laptops were compromised while not on the corporate network.
Incident Response & Cyber Kill Chain
Question
A company is reviewing its systems. The review includes travelling laptops with insecure connections, and is focused on finding connections to known malicious locations. What would be an efficient way of accomplishing this task?
Options
- AReview DNS logs and caches from all machines against listing of malware domains
- BSort logs from the web proxy for requests made against listings of malware domains
- CGo through logs from the company firewall for connections to known bad sites
- DCheck VPN logs for the connections made by travelling laptops
How the community answered
(21 responses)- A81% (17)
- B10% (2)
- C5% (1)
- D5% (1)
Explanation
The DNS logs are one way of getting sites that were accessed even while traveling if laptops were compromised while not on the corporate network.
Topics
#DNS logs#malware domains#threat hunting#log analysis
Community Discussion
No community discussion yet for this question.