200-201 Question #465: Real Exam Question with Answer & Explanation
The correct answer is D: Identifying possible malware communications and botnet activity.
Question
Refer to the exhibit. What is occurring?
Options
- A. Monitoring of encrypted and unencrypted web sessions for diagnostics.
- B. Analysis of traffic flows during network capacity testing.
- C. Review of session logs for performance optimization in a distributed application environment.
- D. Identifying possible malware communications and botnet activity.
Explanation
The exhibit shows a Wireshark capture with multiple suspicious HTTP POST requests and connections to various IP addresses and domains. This pattern of traffic suggests potential malware or botnet communication for the following reasons:
- Multiple POST requests: POST requests are often used by malware to exfiltrate data or communicate with command-and-control (C2) servers.
- Connections to multiple domains and IP addresses: The traffic involves connections to various domains that do not appear to be related to legitimate business functions. Malware typically communicates with several external servers or C2 infrastructure, as seen in botnet activity.
- Client Hello messages: These messages could be part of the malware's encrypted communication channels (using TLS), making it difficult to inspect the content without decrypting the traffic.
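To make the three signals above concrete, here is an added example (not part of the exam material, and not Wireshark or Cisco code) that scores each client in a set of constructed packet summaries by POST count and by the number of distinct destinations it talks to over HTTP and TLS; the thresholds are assumptions chosen for the sample data.

```python
"""Heuristic triage of a capture for the pattern described in the explanation:
many HTTP POSTs from one client to several unrelated destinations, plus TLS
Client Hellos to further destinations. Constructed records; the thresholds
are assumptions, not Cisco or Wireshark defaults."""
from collections import defaultdict

# Constructed records approximating Wireshark's columns: (src, dst, protocol, info)
SAMPLE_PACKETS = [
    ("10.0.0.5", "203.0.113.10", "HTTP", "POST /gate.php HTTP/1.1"),
    ("10.0.0.5", "203.0.113.10", "HTTP", "POST /gate.php HTTP/1.1"),
    ("10.0.0.5", "198.51.100.7", "HTTP", "POST /upload HTTP/1.1"),
    ("10.0.0.5", "192.0.2.44", "HTTP", "POST /api/ping HTTP/1.1"),
    ("10.0.0.5", "192.0.2.99", "TLSv1.2", "Client Hello"),
    ("10.0.0.5", "198.51.100.22", "TLSv1.2", "Client Hello"),
    ("10.0.0.9", "203.0.113.80", "HTTP", "GET /index.html HTTP/1.1"),
    ("10.0.0.9", "203.0.113.80", "HTTP", "POST /login HTTP/1.1"),
    ("10.0.0.9", "203.0.113.80", "TLSv1.2", "Client Hello"),
]


def summarize_by_source(packets):
    """Per source IP: POST count, distinct POST destinations, distinct TLS destinations."""
    stats = defaultdict(lambda: {"posts": 0, "post_dsts": set(), "tls_dsts": set()})
    for src, dst, proto, info in packets:
        s = stats[src]
        if proto == "HTTP" and info.startswith("POST "):
            s["posts"] += 1
            s["post_dsts"].add(dst)
        elif proto.startswith("TLS") and info == "Client Hello":
            s["tls_dsts"].add(dst)
    return stats


def flag_suspects(packets, min_posts=3, min_distinct_dsts=3):
    """Return source IPs matching the explanation's pattern: repeated POSTs
    spread across several destinations (HTTP and TLS endpoints combined).
    A single host doing one POST to one site (normal login) is not flagged."""
    suspects = []
    for src, s in summarize_by_source(packets).items():
        distinct = len(s["post_dsts"] | s["tls_dsts"])
        if s["posts"] >= min_posts and distinct >= min_distinct_dsts:
            suspects.append(src)
    return sorted(suspects)


if __name__ == "__main__":
    for src in flag_suspects(SAMPLE_PACKETS):
        print(f"{src}: review for possible C2 / botnet beaconing")
```

Flagged hosts are candidates for analyst review, not verdicts; the next step would be to pivot on the destinations (reputation, ownership, TLS SNI) before escalating.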