Exam 312-50v10 topic 1 question 110 discussion

Actual exam question from ECCouncil's 312-50v10
Question #: 110
Topic #: 1

You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are starting an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

  • A. Event logs on the PC
  • B. Internet Firewall/Proxy log
  • C. IDS log
  • D. Event logs on domain controller
Suggested Answer: B

Comments

Nassman
6 months, 3 weeks ago
The local PC log events can be removed by the malware/rootkit/C&C controller etc. The firewall log can show if other computers are in the same situation and the IDS didn't make alerts for them.
upvoted 1 times
...
datastream
1 year, 5 months ago
It's B. Local logs could be faked by the virus/malware.
upvoted 2 times
...
royalfu
1 year, 6 months ago
Answer is B. PC event log may not show much useful information for analysis.
upvoted 1 times
...
guidoleonardo
1 year, 7 months ago
It can be A, but when you want to know the severity you'll probably check if something big occurs in your private network, so the correct answer is B. That's my point of view.
upvoted 1 times
...
hasib125
1 year, 9 months ago
Answer can be A: Event logs on the PC. I find it most relevant!
upvoted 3 times
...
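
Added example, not part of the original discussion: scoping the incident from the firewall/proxy log, which is the reasoning the comments above give for answer B. The log line format, field names, addresses and times are constructed assumptions; the point is that the log covers every internal host and also the traffic from before the IP was blacklisted.

```python
from collections import defaultdict
from datetime import datetime, timezone

C2_IP = "203.0.113.50"  # constructed (documentation range)
BLACKLISTED_AT = datetime(2024, 3, 1, 9, 30, tzinfo=timezone.utc)  # constructed

# Constructed sample firewall/proxy log lines (format is an assumption).
SAMPLE_LOG = """\
2024-03-01T08:55:10Z src=10.0.4.17 dst=203.0.113.50 dport=443 action=allow bytes_out=2048
2024-03-01T09:02:31Z src=10.0.7.23 dst=203.0.113.50 dport=443 action=allow bytes_out=90112
2024-03-01T09:05:00Z src=10.0.4.17 dst=198.51.100.8 dport=80 action=allow bytes_out=512
2024-03-01T09:31:12Z src=10.0.4.17 dst=203.0.113.50 dport=443 action=allow bytes_out=4096
2024-03-01T09:40:45Z src=10.0.9.5 dst=203.0.113.50 dport=443 action=deny bytes_out=0
malformed line without fields
"""

def parse_line(line):
    """Return (timestamp, fields), or None for a line that does not parse."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        fields = dict(p.split("=", 1) for p in parts[1:])
        fields["bytes_out"] = int(fields["bytes_out"])
        fields["src"], fields["dst"], fields["action"]  # required keys
    except (ValueError, KeyError):
        return None
    return ts, fields

def scope_c2_contacts(log_text, c2_ip, blacklisted_at):
    """Summarise every internal source that contacted c2_ip."""
    hosts = defaultdict(lambda: {"first_seen": None, "last_seen": None, "allowed": 0,
                                 "denied": 0, "bytes_out": 0, "before_blacklist": 0})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[1]["dst"] != c2_ip:
            continue
        ts, f = parsed
        h = hosts[f["src"]]
        h["first_seen"] = min(h["first_seen"] or ts, ts)
        h["last_seen"] = max(h["last_seen"] or ts, ts)
        h["allowed" if f["action"] == "allow" else "denied"] += 1
        h["bytes_out"] += f["bytes_out"]
        if ts < blacklisted_at:
            h["before_blacklist"] += 1  # traffic from before the IP was on the blacklist
    return dict(hosts)

if __name__ == "__main__":
    for src, h in sorted(scope_c2_contacts(SAMPLE_LOG, C2_IP, BLACKLISTED_AT).items()):
        print(src, h)
```

Hosts with a non-zero `before_blacklist` count, or hosts other than the one the IDS flagged, are what widen the severity estimate.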
Community vote distribution
A (35%)
C (25%)
B (20%)
Other