Certified Ethical Hacker (CEH v10) — Question 190

You are a security officer of a company. You had an alert from IDS that indicates that one PC on your Intranet is connected to a blacklisted IP address (C2 Server) on the Internet. The IP address was blacklisted just before the alert. You are staring an investigation to roughly analyze the severity of the situation. Which of the following is appropriate to analyze?

Answer options

• A. Event logs on the PC
• B. Internet Firewall/Proxy log
• C. IDS log
• D. Event logs on domain controller

Correct answer: B

Explanation

The Internet Firewall/Proxy log is the most appropriate choice because it can provide insights into outgoing traffic to the blacklisted IP and any related connections. While event logs on the PC and domain controller may contain useful information, they are less likely to directly address the external connection to the C2 Server. The IDS log may indicate an alert but does not provide detailed analysis of the traffic involved.