CCIE Security Exam: Botnet Filter Categories



Question

Which statement correctly describes a botnet filter category?

Explanation

Correct answer: C.

The botnet filter referred to here is the Cisco ASA Botnet Traffic Filter, a feature that classifies connections according to whether the remote address is a known malware (command and control) host and can log or drop them. Botnets are networks of compromised hosts that an operator directs through C&C servers to carry out distributed denial-of-service (DDoS) attacks, spamming, phishing and similar activity. The Botnet Traffic Filter classifies addresses using two sources: a dynamic database of malicious domain names and IP addresses maintained by Cisco and downloaded periodically by the ASA, and static blacklist and whitelist entries configured by the administrator. DNS snooping on the ASA maps the domain names in those lists to the IP addresses that traffic actually uses, and it is this mapping that gives rise to the four address categories: known malware, known allowed, ambiguous, and unlisted.

The question is asking which statement correctly describes a botnet filter category. Let's examine each answer choice:

A. Unlisted addresses: The addresses are malware addresses that are not identified by the dynamic database and are hence defined statically.

Incorrect. Unlisted addresses are addresses that appear on no list at all: they are not in the dynamic database and not on the static blacklist or whitelist, so the filter simply treats them as unknown. Malware addresses that the administrator defines statically go on the static blacklist, which is part of the known malware category, not a separate "unlisted" category.

B. Ambiguous addresses: In this case, the same domain name has multiple malware addresses but not all the addresses are in the dynamic database. These addresses are on the graylist.

Incorrect, because the description is inverted. An ambiguous address is a single IP address that the DNS snooping cache has seen resolve from multiple domain names, only some of which are on the blacklist. Because the same address serves both listed and unlisted names, it is placed on the greylist rather than the blacklist. Greylisted traffic is logged; it is only dropped if the administrator configures the ASA to treat ambiguous addresses as blacklisted (the dynamic-filter ambiguous-is-black command).

C. Known malware addresses: These addresses are identified as blacklist addresses in the dynamic database and static list.

Correct. Known malware addresses are the blacklist: the domain names and IP addresses in the Cisco-maintained dynamic database (retrieved by the updater client) together with any entries the administrator adds to the static blacklist. Traffic to or from these addresses is logged and, if a drop action is configured, blocked.

D. Known allowed addresses: These addresses are identified as whitelist addresses that are bad addresses but still allowed.

Incorrect. Known allowed addresses are the whitelist: domain names and IP addresses the administrator has explicitly declared trusted. A whitelisted entry is never treated as malicious, even if the same address appears in the dynamic database; that override is the whole point of the whitelist (for example, to exempt a legitimate server that the database has flagged). The whitelist is not a list of "bad" addresses that are nevertheless allowed.

In conclusion, the correct answer is C. The four Botnet Traffic Filter categories are known malware (blacklist, built from the dynamic database and the static blacklist), known allowed (whitelist), ambiguous (greylist: one address, several domain names, not all blacklisted) and unlisted (unknown, on no list). Only choice C describes its category accurately.
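For context, the following Cisco ASA configuration is an added example, not part of the original exam page and not Cisco's own documentation text. It wires all four categories together: the dynamic database plus the static blacklist form the known malware set, the static whitelist is the known allowed set, DNS snooping is what lets the filter see which domain names an address serves (and therefore which addresses are ambiguous), and ambiguous-is-black extends the drop action to the greylist. The interface name outside, the domain names under example.com and example.net, the RFC 5737 addresses and the DNS server address are assumed placeholders.

```cisco
! Added example, not from the exam page. Interface and address values are placeholders.
! The ASA needs working DNS to reach the dynamic database update server.
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 203.0.113.53

! Known malware (blacklist), part 1: the dynamic database maintained by Cisco.
dynamic-filter updater-client enable
dynamic-filter use-database

! Known malware (blacklist), part 2: static entries added by the administrator.
dynamic-filter blacklist
 name c2.bad.example.net
 address 192.0.2.10 255.255.255.255

! Known allowed (whitelist): never treated as malicious, even if the dynamic database lists it.
dynamic-filter whitelist
 name updates.corp.example.com
 address 198.51.100.20 255.255.255.255

! DNS snooping builds the address-to-domain cache. An address that has resolved from
! several domain names, only some of them blacklisted, is classified as ambiguous (greylist).
class-map dynamic-filter_snoop_class
 match port udp eq domain
policy-map dynamic-filter_snoop_policy
 class dynamic-filter_snoop_class
  inspect dns preset_dns_map dynamic-filter-snoop
service-policy dynamic-filter_snoop_policy interface outside

! Classify all traffic on the outside interface (a classify-list ACL could narrow this).
dynamic-filter enable interface outside

! Drop, rather than only log, connections to blacklisted addresses at the very-high threat
! level. Without a drop command the Botnet Traffic Filter is monitor-only; widen the range
! to drop lower-threat entries as well.
dynamic-filter drop blacklist interface outside threat-level range very-high very-high

! Optional: treat ambiguous (greylist) addresses as blacklisted so the drop action covers them.
dynamic-filter ambiguous-is-black
```

To check the result on the ASA, show dynamic-filter updater-client confirms the database download, show dynamic-filter dns-snoop lists the snooped address-to-domain mappings from which the ambiguous classification is derived, and show dynamic-filter statistics and show dynamic-filter reports top malware-sites summarise what has been classified as blacklist, greylist and whitelist traffic.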