
Exam 350-201 topic 1 question 67 discussion

Actual exam question from Cisco's 350-201
Question #: 67
Topic #: 1


Refer to the exhibit. An engineer is performing a static analysis on a malware and knows that it is capturing keys and webcam events on a company server. What is the indicator of compromise?

  • A. The malware is performing comprehensive fingerprinting of the host, including a processor, motherboard manufacturer, and connected removable storage.
  • B. The malware is a ransomware querying for installed anti-virus products and operating systems to encrypt and render unreadable until payment is made for file decryption.
  • C. The malware has moved to harvesting cookies and stored account information from major browsers and configuring a reverse proxy for intercepting network activity.
  • D. The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.
Suggested Answer: D

Comments

Bobster02
Highly Voted 1 year, 11 months ago
Selected Answer: D
D. The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval.
upvoted 11 times
...
DrVoIP
Most Recent 8 months, 2 weeks ago
The indicator of compromise in this scenario is: D. The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval. ChatGPT
upvoted 1 times
...
ETSec
9 months, 2 weeks ago
D. The malware contains an encryption and decryption routine to hide URLs/IP addresses and is storing the output of loggers and webcam captures in locally encrypted files for retrieval. An indicator of compromise (IOC) is a characteristic of an attack that can be used to identify it. In this scenario, the malware is capturing keys and webcam events on a company server. One way it could do this is by using an encryption and decryption routine to hide URLs/IP addresses and storing the output of loggers and webcam captures in locally encrypted files for retrieval. This behavior is an indicator of compromise, as it shows that the malware is attempting to hide its tracks and steal sensitive information from the company.
upvoted 1 times
...
kyle942
10 months, 3 weeks ago
Selected Answer: B
https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.aescryptoserviceprovider?view=net-7.0
upvoted 1 times
...
attiko
1 year ago
Selected Answer: D
Based on the fact that the code is all about encrypting, the obvious answer is D.
upvoted 1 times
...
kyle942
1 year, 1 month ago
Selected Answer: D
https://gist.github.com/yetanotherchris/810c5900616b6c76f78dedda9bf3be85
upvoted 1 times
...