Cisco Exam 300-215 Topic 6 Question 87 Discussion

Actual exam question for Cisco's 300-215 exam

Question #: 87
Topic #: 6

Refer to the exhibit.

According to the Wireshark output, what are two indicators of compromise for detecting an Emotet malware download? (Choose two.)

ADomain name:iraniansk.com

BServer: nginx

CHash value: 5f31ab113af08=1597090577

Dfilename= ''Fy.exe''

EContent-Type: application/octet-stream

Show Suggested Answer

Suggested Answer: D

by Vanna at Sep 18, 2024, 09:25 PM

Limited Time Offer

25%

Off

Get Premium 300-215 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Jordan

Haha, 'Fy.exe'? Really? They couldn't come up with a more creative file name? And the domain 'iraniansk.com' - sounds like it was registered by a toddler.

upvoted 0 times

...

Dottie

6 days ago

The nginx server and the content type 'application/octet-stream' are also good signs that something fishy is going on. I bet the hash value is just there to confuse us.

upvoted 0 times

...

Art

17 days ago

I'm not sure about the hash value, but I think the filename and content type could also be indicators of compromise.

upvoted 0 times

...

Pearly

18 days ago

I agree with you, Johnathon. The domain name and hash value seem like key indicators in this case.

upvoted 0 times

...

Casey

21 days ago

The domain name 'iraniansk.com' and the file name 'Fy.exe' are definitely indicators of compromise for Emotet malware. This is really helpful information to detect and prevent such attacks.

upvoted 0 times

Fausto

21 hours ago

I agree, those are definitely key indicators to look out for.

upvoted 0 times

...

Johnathon

27 days ago

I think the indicators of compromise for detecting Emotet malware download are domain name and hash value.

upvoted 0 times

...