ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v11 All Questions

View all questions & answers for the 312-50v11 exam
Go to Exam

Exam 312-50v11 topic 1 question 38 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 38
Topic #: 1
[All 312-50v11 Questions]

You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.
While monitoring the data, you find a high number of outbound connections. You see that IP's owned by XYZ (Internal) and private IP's are communicating to a
Single Public IP. Therefore, the Internal IP's are sending data to the Public IP.
After further analysis, you find out that this Public IP is a blacklisted IP, and the internal communicating devices are compromised.
What kind of attack does the above scenario depict?

  • A. Botnet Attack
  • B. Spear Phishing Attack
  • C. Advanced Persistent Threats
  • D. Rootkit Attack
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by ripple at June 2, 2021, 7:59 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
ripple
Highly Voted 2 years, 5 months ago
A: This is typical behaviour where compromised machines beacon back to a Command and Control server.
upvoted 10 times
...
Scryptic
Highly Voted 2 years, 2 months ago
An APT would try to maintain persistence. Having a 'High Number of outbound connections' from the compromised host device(s) wouldn't be conducive to maintaining persistence.
upvoted 7 times
...
MGRavindra
Most Recent 7 months, 3 weeks ago
I was equally confused. However, BOTNET is the answer
upvoted 2 times
...
mefis
9 months ago
blacklist IP >>> Botnet
upvoted 3 times
...
C4yber
1 year, 1 month ago
Botnet
upvoted 1 times
...
Urltenm
1 year, 9 months ago
It looks like TCP Reverse attack. Meta...
upvoted 2 times
...
Novmejst
1 year, 11 months ago
Degauss
upvoted 3 times
Novmejst
1 year, 11 months ago
Sorry - A. Botnet Attack is the Answer - Can't change my comment ???
upvoted 4 times
...
...
BigMomma4752
2 years, 1 month ago
duprst, That is the pits.
upvoted 1 times
...
duprst
2 years, 1 month ago
I just took the CEH and got an 84 but still failed. About 50% questions from here. I asked the proctor and was told there is no version for CEH.
upvoted 2 times
Osen
2 years ago
I asked the proctor and was told there is no version for CEH....I dont get this please?
upvoted 2 times
Hackerl
1 year, 11 months ago
80 % should be scored out of 125 questions so 100 correct answers will be consider as Pass.
upvoted 3 times
KruHacker01
1 year, 9 months ago
Not true because each question have different weight. Secondly, they pass you base on setting question that you answer correctly which is to them these question verify that you know the subject matter best to their ability. Our tests are built to test if one actually has the necessary skills and knowledge of the subject and not their ability to study or memorise specific questions that were on the exam. EC-Council does not share information about the specific questions that were missed or answered incorrectly to protect the integrity of the certification process.
upvoted 2 times
...
...
...
Silascarter
1 year, 12 months ago
I took mine Oct 30, also got 88 and still failed. I guess you will have to practice across CEH 50 v 9,10,11. That way you will likely cover all questions.
upvoted 1 times
...
AjaxFar
1 year, 11 months ago
84 against 100 or 125 marks, then did you used official e council couse material?
upvoted 1 times
...
...
uglyoldgoat
2 years, 1 month ago
so what is the answer here? Botnet or APT?
upvoted 2 times
brdweek
2 years, 1 month ago
Botnet
upvoted 4 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago