When a malware-infected host attempts to resolve a known command-and-control server, the traffic matches a security policy with DNS sinhole enabled, generating a traffic log.
What will be the destination IP Address in that log entry?
Haha, you guys are really overthinking this. It's obviously C - the IP address specified in the sinkhole configuration. The sinkhole is where the traffic is being redirected, so that's what's going to be logged.
I'm not so sure about that, Sanjuana. If the traffic is being redirected to the sinkhole, then I think the log would show the IP address of the sinkhole, which is C. That's my guess.
I'm leaning towards B - the IP address of the command-and-control server. That's the original destination the malware-infected host was trying to reach, so I think that's what would be logged.
Hmm, this is an interesting one. I'm not entirely sure, but I think the answer might be C - the IP address specified in the sinkhole configuration. That makes the most sense to me, since the traffic is being redirected to the sinkhole.
upvoted 0 times
...
Log in to Pass4Success
Sign in:
Report Comment
Is the comment made by USERNAME spam or abusive?
Commenting
In order to participate in the comments you need to be logged-in.
You can sign-up or
login
Peggie
4 months agoAmber
5 months agoKati
6 months agoCorinne
6 months agoShawana
6 months agoRosalia
6 months agoAllene
6 months agoJanna
6 months agoCarey
6 months agoCharlena
6 months agoSelene
6 months agoCarlton
6 months agoSanjuana
6 months agoJesus
6 months ago