Cisco Exam 300-215 Topic 7 Question 68 Discussion

Actual exam question for Cisco's 300-215 exam

Question #: 68
Topic #: 7

Refer to the exhibit.

A network engineer is analyzing a Wireshark file to determine the HTTP request that caused the initial Ursnif banking Trojan binary to download. Which filter did the engineer apply to sort the Wireshark traffic logs?

Ahttp.request.un matches

Btls.handshake.type ==1

Ctcp.port eq 25

Dtcp.window_size ==0

Show Suggested Answer

Suggested Answer: D

by Lavonna at Jan 23, 2024, 11:14 PM

Limited Time Offer

25%

Off

Get Premium 300-215 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Alisha

I was thinking B) tls.handshake.type ==1 might be the right answer, since the Ursnif malware is likely using encrypted communication. But you make a good point, A) is probably the best choice here.

upvoted 0 times

...

Jolanda

2 days ago

I'm pretty sure the answer is A) http.request.un matches. The question is specifically asking about the HTTP request that triggered the Ursnif download, so that filter seems like the most relevant one.

upvoted 0 times

...