ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 200-201 All Questions

View all questions & answers for the 200-201 exam
Go to Exam

Exam 200-201 topic 1 question 289 discussion

Actual exam question from Cisco's 200-201
Question #: 289
Topic #: 1
[All 200-201 Questions]

A SOC analyst observed Ursnif malware at the SIEM dashboard. The analyst opened the PCAP file to search the certificate issue data. Where must the analyst navigate?

  • A. under the rdnSequence line
  • B. under the validity line
  • C. under the subject
  • D. under the signed certificate
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by JasonPhi at March 14, 2024, 1:15 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Andre70
1 year ago
Selected Answer: A
It should be A, it is more specific i think
upvoted 3 times
d503c75
7 months, 2 weeks ago
Agreed.
upvoted 1 times
...
...
JasonPhi
1 year, 1 month ago
answer is D. under the signedCertificate source: https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-ursnif-infections/
upvoted 2 times
d503c75
7 months, 2 weeks ago
https://unit42.paloaltonetworks.com/wireshark-tutorial-examining-ursnif-infections/ Figure 10. So, its the option A (more specific)
upvoted 1 times
...
f2354fb
1 year, 1 month ago
Under the signed certificate (issuer) there is the validity line, so I think B. is more specific :)
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago