350-701 Question #364: Real Exam Question with Answer & Explanation
The correct answer is A: W32/AutoRun worm.
Question
Refer to the exhibit. Consider that any feature of DNS requests, such as the length of the domain name and the number of subdomains, can be used to construct models of expected behavior to which observed values can be compared. Which type of malicious attack are these values associated with?
Options
- A. W32/AutoRun worm
- B. HeartBleed SSL Bug
- C. Eternal Blue Windows
- D. Spectre Worm
Explanation
https://blog.talosintelligence.com/detecting-dns-data-exfiltration/

"These identify domains with similar patterns such as:

- 4-9-8-2-2-3-8-5-4-6-2-9-2-3-8-8---redacted---7-.0-0-0-0-0-0-0-0-0-0-0-0-0-49-0-0-0-0-0-0-0-0-0-0-
- 5-2-4-6-3-2-2-7-4-8-3-6-7-1-2-3---redacted---0-.0-0-0-0-0-0-0-0-0-0-0-0-0-49-0-0-0-0-0-0-0-0-0-0-
- 6-t-y-s-8-l-l-p-6-6-x-q-2-l-2-9-x-7---redacted---a-.0-0-0-0-0-0-0-0-0-0-0-0-0-45-0-0-0-0-0-0-0-0-0-0-
- 7-8-5-4-1-2-7-2-7-8-4-5-1-5-0-7---redacted---0-.0-0-0-0-0-0-0-0-0-0-0-0-0-28-0-0-0-0-0-0-0-0-0-0-

which are known to be associated with the W32/AutoRun worm."
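The modelling approach described in the question, as an added example that is not part of the original page or the Talos post: a baseline of name length and label count is built from ordinary lookups, and each observed name is scored by its largest z-score. All sample names, the 3.0 threshold and the one-unit deviation floor are assumptions made for illustration.

```python
from statistics import mean, pstdev

def features(qname):
    """Features named in the question: total name length and number of labels."""
    name = qname.rstrip(".").lower()
    return {"length": len(name), "labels": name.count(".") + 1}

def build_baseline(qnames):
    """Model expected behaviour as (mean, standard deviation) per feature."""
    rows = [features(q) for q in qnames]
    model = {}
    for key in rows[0]:
        values = [r[key] for r in rows]
        # Floor the deviation at one unit (assumption) so a constant or
        # near-constant feature cannot divide by zero or over-flag.
        model[key] = (mean(values), max(pstdev(values), 1.0))
    return model

def score(qname, model):
    """Largest absolute z-score across features for one observed name."""
    obs = features(qname)
    return max(abs(obs[k] - mu) / sigma for k, (mu, sigma) in model.items())

def flag_outliers(qnames, model, threshold=3.0):
    """Names whose score exceeds the threshold (3.0 is an assumed cut-off)."""
    return [q for q in qnames if score(q, model) > threshold]

# Constructed sample data (not from the page): ordinary lookups for the baseline.
BASELINE = [
    "www.example.test", "mail.example.test", "api.example.test",
    "cdn.static.example.test", "login.example.test", "example.test",
    "updates.vendor.example.test", "ntp.example.test",
]
# Constructed observations: two ordinary names and one long dash-separated
# name shaped like the pattern quoted in the explanation.
OBSERVED = [
    "www.example.test",
    "img.cdn.example.test",
    "1-2-3-4-5-6-7-8-9-0-1-2-3-4-5-6-7.0-0-0-0-0-0-0-0-0-0-0-0-0-11-0-0-0.example.test",
]

if __name__ == "__main__":
    model = build_baseline(BASELINE)
    for q in OBSERVED:
        print(f"{score(q, model):6.1f}  {q}")
```

Here the long name is flagged on length alone; its label count (4) is within the baseline range, which is why both features are scored rather than one.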