Certified Ethical Hacker (CEH v10) — Question 49
You are working as a Security Analyst at a company, XYZ, that owns the whole subnet ranges 23.0.0.0/8 and 192.168.0.0/8.
While monitoring the traffic, you find a high number of outbound connections. You see that IPs owned by XYZ (internal) and private IPs are communicating with a
single public IP; that is, the internal IPs are sending data to the public IP.
After further analysis, you find that this public IP is a blacklisted IP and that the internal communicating devices are compromised.
What kind of attack does the above scenario depict?
Answer options
- A. Botnet Attack
- B. Spear Phishing Attack
- C. Advanced Persistent Threats
- D. Rootkit Attack
Correct answer: A
Explanation
The scenario describes many compromised internal hosts all communicating outbound with one public IP that is already on a blacklist. That fan-in pattern (many infected hosts, one external endpoint) is the signature of a botnet: each compromised device is a bot that checks in with, and takes orders from, a command-and-control (C2) server, which is the single public IP. Note that the question's "192.168.0.0/8" is a slip; the private range is 192.168.0.0/16. The other options do not fit what the traffic shows: spear phishing is a delivery vector (targeted e-mail) and would not be identified from outbound flow data; an Advanced Persistent Threat describes a prolonged, targeted campaign by a capable adversary and is not established by this traffic pattern alone, even though APT actors may operate botnets; and a rootkit is an on-host mechanism for hiding and maintaining access, which does not by itself imply many hosts beaconing to one IP. One practical caveat: many internal hosts talking to a single public IP is also what a CDN, update server or SaaS endpoint looks like, so the fan-in alone is only a lead; the blacklist hit on the destination is what corroborates the botnet diagnosis.
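The detection the scenario describes, as an added example that is not part of the original question or its official explanation: aggregate outbound flows by external destination, count distinct internal source hosts per destination, and check the high fan-in destinations against a blocklist. The flow records, the blocklist entry (203.0.113.77, a documentation address) and the threshold of five hosts are all constructed for the example; the internal ranges use 192.168.0.0/16 rather than the question's /8.

```python
"""Flag fan-in to a single external IP: many internal hosts -> one public destination.

Added example (not part of the original question). Aggregates constructed flow
records, keeps only internal->external flows, and reports destinations contacted
by at least MIN_INTERNAL_HOSTS distinct internal sources. A hypothetical
blocklist set stands in for the threat-intel feed.
"""
import ipaddress
from collections import defaultdict

# Ranges the scenario says XYZ owns or uses. The question writes 192.168.0.0/8,
# but the RFC 1918 block is 192.168.0.0/16, which is what is used here.
INTERNAL_NETS = [ipaddress.ip_network("23.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Constructed blocklist (hypothetical C2 address from the documentation range).
BLOCKLIST = {"203.0.113.77"}

# How many distinct internal hosts must hit one destination before we care.
MIN_INTERNAL_HOSTS = 5

# Constructed flow records: (src_ip, dst_ip, dst_port, bytes_out)
SAMPLE_FLOWS = [
    ("23.10.4.1", "203.0.113.77", 443, 1200),
    ("23.10.4.2", "203.0.113.77", 443, 1180),
    ("192.168.7.20", "203.0.113.77", 443, 1210),
    ("192.168.7.21", "203.0.113.77", 443, 1190),
    ("23.44.0.9", "203.0.113.77", 443, 1250),
    ("23.44.0.10", "203.0.113.77", 443, 1205),
    ("23.10.4.1", "198.51.100.5", 443, 90000),   # one host to a CDN-like IP: below threshold
    ("192.168.7.20", "192.168.7.1", 53, 80),      # internal to internal (DNS): ignored
    ("198.51.100.9", "23.10.4.3", 80, 500),       # inbound: ignored
]


def is_internal(ip: str) -> bool:
    """True if the address falls in one of XYZ's internal/owned ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def fan_in(flows):
    """Map each external destination to the set of distinct internal sources."""
    dests = defaultdict(set)
    for src, dst, _port, _nbytes in flows:
        # Only outbound traffic matters: internal source, non-internal destination.
        if is_internal(src) and not is_internal(dst):
            dests[dst].add(src)
    return dests


def suspect_c2(flows, min_hosts=MIN_INTERNAL_HOSTS, blocklist=BLOCKLIST):
    """Return [(dst, distinct_internal_hosts, on_blocklist)] for destinations
    reached by >= min_hosts internal clients, most suspicious first.

    Fan-in alone is only a lead (a CDN or update server produces the same
    shape); a blocklist hit is what corroborates a botnet C2 server.
    """
    results = []
    for dst, srcs in fan_in(flows).items():
        if len(srcs) >= min_hosts:
            results.append((dst, len(srcs), dst in blocklist))
    # Blocklisted destinations first, then by host count descending.
    results.sort(key=lambda r: (not r[2], -r[1]))
    return results


if __name__ == "__main__":
    for dst, n, listed in suspect_c2(SAMPLE_FLOWS):
        tag = "BLOCKLISTED - likely C2" if listed else "review"
        print(f"{dst}: {n} internal hosts -> {tag}")
```

Run against the constructed flows, the only destination over the threshold is 203.0.113.77 with six distinct internal hosts, and it is on the blocklist, which is exactly the evidence chain in the question. Lowering `min_hosts` to 1 surfaces the CDN-like destination too, but it stays unflagged because it is not blocklisted; in a real deployment the threshold and an allowlist of known CDN/update endpoints keep that noise out.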