nerdexam
Cisco

350-701 · Question #364

Refer to the exhibit. Consider that any feature of DNS requests, such as the length of the domain name and the number of subdomains, can be used to construct models of expected behavior to which obser

The correct answer is A. W32/AutoRun worm. https://blog.talosintelligence.com/detecting-dns-data-exfiltration/ "These identify domains with similar patterns such as: 4-9-8-2-2-3-8-5-4-6-2-9-2-3-8-8---redacted---7-.0-0-0-0-0-0-0-0-0-0-0-0-0-49-0-0-0-0-0-0-0-0-0-0- 5-2-4-6-3-2-2-7-4-8-3-6-7-1-2-3---redacted---0-.0-0-0-0-0-0

Submitted by ahmad_uae· Mar 30, 2026

Question

Refer to the exhibit. Consider that any feature of DNS requests, such as the length of the domain name and the number of subdomains, can be used to construct models of expected behavior to which observed values can be compared. Which type of malicious attack are these values associated with?

Exhibit

350-701 question #364 exhibit

Options

  • AW32/AutoRun worm
  • BHeartBleed SSL Bug
  • CEternal Blue Windows
  • DSpectre Worm

How the community answered

(38 responses)
  • A
    87% (33)
  • B
    3% (1)
  • C
    3% (1)
  • D
    8% (3)

Explanation

https://blog.talosintelligence.com/detecting-dns-data-exfiltration/ "These identify domains with similar patterns such as: 4-9-8-2-2-3-8-5-4-6-2-9-2-3-8-8---redacted---7-.0-0-0-0-0-0-0-0-0-0-0-0-0-49-0-0-0-0-0-0-0-0-0-0- 5-2-4-6-3-2-2-7-4-8-3-6-7-1-2-3---redacted---0-.0-0-0-0-0-0-0-0-0-0-0-0-0-49-0-0-0-0-0-0-0-0-0-0- 6-t-y-s-8-l-l-p-6-6-x-q-2-l-2-9-x-7---redacted---a-.0-0-0-0-0-0-0-0-0-0-0-0-0-45-0-0-0-0-0-0-0-0-0-0- 7-8-5-4-1-2-7-2-7-8-4-5-1-5-0-7---redacted---0-.0-0-0-0-0-0-0-0-0-0-0-0-0-28-0-0-0-0-0-0-0-0-0-0- which are known to be associated with the W32/AutoRun worm."

Topics

#DNS anomaly detection#Malware C2 communication#Worm attacks

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice