Cisco
350-201 · Question #2
350-201 Question #2: Real Exam Question with Answer & Explanation
Question
Refer to the exhibit. An engineer is analyzing this Vlan0392-int12-239.pcap file in Wireshark after detecting suspicious network activity. The origin header for the direct IP connections in the packets was initiated by a Google Chrome extension on a WebSocket protocol. The engineer checked message payloads to determine what information was being sent off-site, but the payloads are obfuscated and unreadable. What does this STIX indicate?
Exhibit
Options
- A. The extension is not performing as intended because of restrictions since ports 80 and 443
- B. The traffic is legitimate as the Google Chrome extension is reaching out to check for updates and
- C. There is a possible data leak because payloads should be encoded as UTF-8 text
- D. There is a malware that is communicating via encrypted channels to the command and control
