Solved

A Security Analyst Is Reviewing Packet Captures from a System

Question 55

Multiple Choice

A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following: A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following: Which of the following can the analyst conclude? A) Malware is attempting to beacon to 128.50.100.3. B) The system is running a DoS attack against ajgidwle.com. C) The system is scanning ajgidwle.com for PII. D) Data is being exfiltrated over DNS. Which of the following can the analyst conclude?


A) Malware is attempting to beacon to 128.50.100.3.
B) The system is running a DoS attack against ajgidwle.com.
C) The system is scanning ajgidwle.com for PII.
D) Data is being exfiltrated over DNS.

Correct Answer:

verifed

Verified

Unlock this answer now
Get Access to more Verified Answers free of charge

Related Questions

Q50: Which of the following attacks can be

Q51: A security analyst reviews the following aggregated

Q52: A security analyst is reviewing the logs

Q53: The inability to do remote updates of

Q54: A forensic analyst took an image of

Q56: A security is responding to an incident

Q57: An organization that handles sensitive financial information

Q58: A large software company wants to move

Q59: Which of the following will allow different

Q60: An organization has not had an incident