200-201 Question #506: Real Exam Question with Answer & Explanation

The correct answer is D: Malware attempting to spread laterally.

Submitted by deeparc · Mar 6, 2026 · Network Intrusion Analysis

Question

Refer to the exhibit. What type of event is occurring?

Options

  • A. Legitimate web browsing activity
  • B. Distributed Denial of Service (DDoS) attack
  • C. User trying to access a file share
  • D. Malware attempting to spread laterally

Explanation

The logs indicate repeated attempts to access ports 135, 139, and 445, which are commonly used for Windows file sharing and remote management. These ports are frequently targeted by malware and worms attempting to spread laterally across a network. The fact that these connections are blocked suggests that a security mechanism, such as a firewall or endpoint protection, is preventing unauthorized access. Additionally, the successful HTTP (port 80) and HTTPS (port 443) connections indicate normal web browsing activity, but they are unrelated to the blocked internal traffic. The repeated blocked attempts to access SMB and RPC services strongly suggest malware propagation behavior rather than a user manually trying to access a file share.
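
One way to turn the reasoning above into a check over firewall logs, as an added example that is not part of the original page: it flags a source only when blocked connections to ports 135, 139 or 445 fan out to several distinct internal hosts, which separates propagation from one user retrying a single file share. The log layout, the sample lines, the function name `find_lateral_suspects` and the `min_targets` threshold are assumptions, since the exhibit is not reproduced here.

```python
import ipaddress
import re
from collections import defaultdict

# Ports named in the explanation: RPC endpoint mapper, NetBIOS session, SMB.
LATERAL_PORTS = {135, 139, 445}

# Assumed log layout (the exam exhibit is not reproduced on this page):
# <timestamp> <ALLOW|BLOCK> TCP <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|BLOCK) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample data, not taken from the exam exhibit.
SAMPLE_LOG = """\
2026-03-06T10:15:01 ALLOW TCP 10.0.0.5:49701 -> 203.0.113.10:443
2026-03-06T10:15:02 ALLOW TCP 10.0.0.5:49702 -> 203.0.113.10:80
2026-03-06T10:15:03 BLOCK TCP 10.0.0.5:49710 -> 10.0.0.21:445
2026-03-06T10:15:03 BLOCK TCP 10.0.0.5:49711 -> 10.0.0.22:445
2026-03-06T10:15:04 BLOCK TCP 10.0.0.5:49712 -> 10.0.0.22:139
2026-03-06T10:15:04 BLOCK TCP 10.0.0.5:49713 -> 10.0.0.23:135
2026-03-06T10:20:10 BLOCK TCP 10.0.0.9:50100 -> 10.0.0.30:445
2026-03-06T10:20:40 BLOCK TCP 10.0.0.9:50101 -> 10.0.0.30:445
""".splitlines()


def find_lateral_suspects(lines, min_targets=3):
    """Map each source IP to the internal hosts it was blocked from reaching on
    LATERAL_PORTS, keeping only sources with at least min_targets distinct hosts."""
    targets = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # line does not follow the assumed layout
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address
        if (m["action"] == "BLOCK" and int(m["dport"]) in LATERAL_PORTS
                and dst.is_private):
            targets[m["src"]].add(str(dst))
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}


if __name__ == "__main__":
    for src, dsts in find_lateral_suspects(SAMPLE_LOG).items():
        print(f"{src}: blocked SMB/RPC attempts to {len(dsts)} hosts: {dsts}")
```

In the sample, 10.0.0.9 retries one server on port 445 and stays below the threshold, while 10.0.0.5 is reported because its blocked attempts reach three different internal hosts.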

Topics

#malware activity #lateral movement #network forensics #event analysis
