350-701 · Question #364
Refer to the exhibit. Consider that any feature of DNS requests, such as the length of the domain name and the number of subdomains, can be used to construct models of expected behavior to which obser
The correct answer is A. W32/AutoRun worm. https://blog.talosintelligence.com/detecting-dns-data-exfiltration/ "These identify domains with similar patterns such as: 4-9-8-2-2-3-8-5-4-6-2-9-2-3-8-8---redacted---7-.0-0-0-0-0-0-0-0-0-0-0-0-0-49-0-0-0-0-0-0-0-0-0-0- 5-2-4-6-3-2-2-7-4-8-3-6-7-1-2-3---redacted---0-.0-0-0-0-0-0
Question
Refer to the exhibit. Consider that any feature of DNS requests, such as the length of the domain name and the number of subdomains, can be used to construct models of expected behavior to which observed values can be compared. Which type of malicious attack are these values associated with?
Exhibit
Options
- AW32/AutoRun worm
- BHeartBleed SSL Bug
- CEternal Blue Windows
- DSpectre Worm
How the community answered
(38 responses)- A87% (33)
- B3% (1)
- C3% (1)
- D8% (3)
Explanation
https://blog.talosintelligence.com/detecting-dns-data-exfiltration/ "These identify domains with similar patterns such as: 4-9-8-2-2-3-8-5-4-6-2-9-2-3-8-8---redacted---7-.0-0-0-0-0-0-0-0-0-0-0-0-0-49-0-0-0-0-0-0-0-0-0-0- 5-2-4-6-3-2-2-7-4-8-3-6-7-1-2-3---redacted---0-.0-0-0-0-0-0-0-0-0-0-0-0-0-49-0-0-0-0-0-0-0-0-0-0- 6-t-y-s-8-l-l-p-6-6-x-q-2-l-2-9-x-7---redacted---a-.0-0-0-0-0-0-0-0-0-0-0-0-0-45-0-0-0-0-0-0-0-0-0-0- 7-8-5-4-1-2-7-2-7-8-4-5-1-5-0-7---redacted---0-.0-0-0-0-0-0-0-0-0-0-0-0-0-28-0-0-0-0-0-0-0-0-0-0- which are known to be associated with the W32/AutoRun worm."
Topics
Community Discussion
No community discussion yet for this question.
