Cisco Exam 300-215 Topic 7 Question 68 Discussion

Actual exam question for Cisco's 300-215 exam
Question #: 68
Topic #: 7

Refer to the exhibit.

A network engineer is analyzing a Wireshark file to determine the HTTP request that caused the initial Ursnif banking Trojan binary to download. Which filter did the engineer apply to sort the Wireshark traffic logs?

Suggested Answer: D

Contribute your Thoughts:

Marti
1 month ago
I have to say, these Wireshark filters are starting to sound like Klingon to me. Why can't they just call it 'Find the Bad Guy' filter?
upvoted 0 times
Page
6 days ago
User 3: It's all about finding the needle in the haystack.
upvoted 0 times
Irving
14 days ago
User 2: I agree, it feels like learning a new language.
upvoted 0 times
Fredric
18 days ago
User 1: I know, right? These filters can be so confusing.
upvoted 0 times
Amie
2 months ago
D) tcp.window_size ==0? What kind of weird filter is that? I'm pretty sure the answer has to be one of the HTTP-related options. Maybe Jolanda is onto something with that http.request.un matches filter.
upvoted 0 times
Jettie
2 days ago
I agree; let's go with that option for sorting the Wireshark traffic logs.
upvoted 0 times
Aleisha
3 days ago
Yeah, that filter seems more relevant to finding the HTTP request for the Ursnif banking Trojan.
upvoted 0 times
Mammie
5 days ago
I think Jolanda might be right with the http.request.un matches filter.
upvoted 0 times
Albina
2 months ago
Hmm, I was leaning towards C) tcp.port eq 25, since that could detect the SMTP traffic associated with the malware. But I guess the HTTP request is the more direct way to identify the initial download.
upvoted 0 times
Herman
16 days ago
User3: I agree, it's the most direct way to identify the Ursnif banking Trojan binary download.
upvoted 0 times
Haley
1 month ago
User2: Yeah, that filter would specifically target the HTTP request we are looking for.
upvoted 0 times
Kenneth
1 month ago
User1: I think the correct filter is A) http.request.un matches
upvoted 0 times
Alisha
2 months ago
I was thinking B) tls.handshake.type ==1 might be the right answer, since the Ursnif malware is likely using encrypted communication. But you make a good point, A) is probably the best choice here.
upvoted 0 times
Jolanda
2 months ago
I'm pretty sure the answer is A) http.request.un matches. The question is specifically asking about the HTTP request that triggered the Ursnif download, so that filter seems like the most relevant one.
upvoted 0 times
Truman
2 months ago
But the question specifically mentions analyzing the HTTP request, so A) seems more relevant.
upvoted 0 times
Berry
2 months ago
I disagree; I believe the correct answer is B) tls.handshake.type ==1.
upvoted 0 times
Truman
2 months ago
I think the answer is A) http.request.un matches.
upvoted 0 times
Davida
2 months ago
But the question specifically mentions analyzing the HTTP request, so A) seems more relevant.
upvoted 0 times
Shanice
2 months ago
I disagree; I believe the correct answer is B) tls.handshake.type ==1.
upvoted 0 times
Davida
3 months ago
I think the answer is A) http.request.un matches.
upvoted 0 times