Certified Ethical Hacker (CEH v10) — Question 9
You are monitoring the network of your organization. You notice that:
1. There are huge outbound connections from your internal network to external IPs
2. On further investigation, you see that the external IPs are blacklisted
3. Some connections are accepted, and some are dropped
4. You find that it is CnC (command-and-control) communication
Which of the following solutions would you suggest?
Answer options
- A. Block the blacklisted IPs at the firewall
- B. Update the latest signatures on your IDS/IPS
- C. Clean the malware that is trying to communicate with the external blacklisted IPs
- D. Both B and C
Correct answer: D
Explanation
The correct answer is D because both updating the signatures on your IDS/IPS and cleaning the malware are essential steps in addressing CnC communication. The fact that some connections are accepted while others are dropped shows that the existing controls only partially recognise this traffic, which is why refreshing the IDS/IPS signatures is part of the remediation. Option A, while useful as a containment measure, does not address the root cause of the issue, which is the presence of malware on internal hosts initiating the connections. Simply blocking the IPs without cleaning the infected systems would leave the malware in place and free to reach its operators through other addresses.