Which detection helps identify a compromised host by monitoring outbound connections and unusual ports?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which detection helps identify a compromised host by monitoring outbound connections and unusual ports?

Explanation:
Detecting a compromised host by watching outbound connections and unusual ports centers on identifying Command and Control activity. When a system is under control of an attacker, it often reaches out to a remote C2 server to receive instructions or to exfiltrate data. This activity tends to show up as beacon-like outbound connections to destinations and ports that aren’t typical for normal user traffic, or as irregular patterns in how often and how long those connections persist. Recognizing these telltale outbound signals helps you flag the covert channel the attacker uses to control the compromised host.

Data staging describes preparing data for exfiltration rather than the ongoing control channel itself, so it doesn’t address the detection of the hidden communication path. IoCs are indicators of compromise like known bad IPs, hashes, or artifacts—they’re valuable for threat hunting and triage but don’t specifically describe real-time C2 traffic patterns. A web shell is a backdoor that enables remote access via a web interface, which is a different symptom of compromise and not the typical beaconing pattern to a C2 server. The most fitting concept for identifying a compromised host through its outbound behavior to unusual ports is Command and Control server detection.
