Certified Ethical Hacker (CEH v11) — Question 111
You are working as a Security Analyst in a company XYZ that owns the whole subnet range of 23.0.0.0/8 and 192.168.0.0/8.
While monitoring the data, you find a high number of outbound connections. You see that IPs owned by XYZ (internal) and private IPs are communicating with a
single public IP; that is, the internal IPs are sending data to the public IP.
After further analysis, you find out that this public IP is a blacklisted IP and that the internal communicating devices are compromised.
What kind of attack does the above scenario depict?
Answer options
- A. Botnet Attack
- B. Spear Phishing Attack
- C. Advanced Persistent Threats
- D. Rootkit Attack
Correct answer: A
Explanation
The correct answer is A, Botnet Attack. The scenario describes many compromised internal devices making outbound connections to one blacklisted public IP, which is the characteristic pattern of a botnet: infected machines beaconing to a common command-and-control host. The other options, Spear Phishing, Advanced Persistent Threats, and Rootkit Attack, do not by themselves describe multiple compromised devices converging on a single external endpoint in this way.