Which indicators are useful for command and control, malware delivery, identifying the operating system, and other tasks, such as URLs, domain names, and IP addresses?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which indicators are useful for command and control, malware delivery, identifying the operating system, and other tasks, such as URLs, domain names, and IP addresses?

Explanation:
Network indicators are the signals observed in traffic that reveal who is communicating, where they’re communicating to, and how they’re doing it. This category includes IP addresses, domain names, URLs, DNS queries, port numbers, protocols, and patterns in the traffic that point to malicious infrastructure or behaviors. Because command-and-control channels, malware delivery, and many attacker techniques show up as specific network destinations or traffic patterns, network indicators are the most direct way to detect and analyze these activities across multiple systems and networks. They also can provide hints about the operating environment through network-revealed details like banners or characteristic TCP/IP responses, although host-based data often gives more definitive OS information. The strength lies in the ability to correlate across network sensors (firewalls, IDS/IPS, proxies) to identify and investigate suspicious URLs, domain names, and IP addresses.

Network indicators are the signals observed in traffic that reveal who is communicating, where they’re communicating to, and how they’re doing it. This category includes IP addresses, domain names, URLs, DNS queries, port numbers, protocols, and patterns in the traffic that point to malicious infrastructure or behaviors. Because command-and-control channels, malware delivery, and many attacker techniques show up as specific network destinations or traffic patterns, network indicators are the most direct way to detect and analyze these activities across multiple systems and networks. They also can provide hints about the operating environment through network-revealed details like banners or characteristic TCP/IP responses, although host-based data often gives more definitive OS information. The strength lies in the ability to correlate across network sensors (firewalls, IDS/IPS, proxies) to identify and investigate suspicious URLs, domain names, and IP addresses.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy