Cisco Exam 350-201 Topic 12 Question 108 Discussion

Actual exam question for Cisco's 350-201 exam
Question #: 108
Topic #: 12

An analyst is alerted for a malicious file hash. After analysis, the analyst determined that an internal workstation is communicating over port 80 with an external server and that the file hash is associated with Duqu malware. Which tactics, techniques, and procedures align with this analysis?

Suggested Answer: A
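Worked example for the triage reasoning behind this question. This is an added illustration, not code from Cisco, Pass4Success or any Duqu analysis: it takes a malicious-hash alert, pulls the flows for the alerting host, and maps what it sees to ATT&CK tactic/technique pairs, so the outbound port 80 session to an external address lands on Command and Control / Application Layer Protocol while SMB to an internal peer would instead land on Lateral Movement / SMB/Windows Admin Shares (the distinction Eden raises below). All hosts, IPs, hashes and flow lines are constructed; the ATT&CK IDs (TA0011, T1071.001, TA0008, T1021.002) are quoted from memory and should be checked against attack.mitre.org.

```python
"""Added example (not from the page or Cisco's exam material): a small triage
helper that takes a malicious-hash alert, correlates it with flow records for
the alerting host, and maps what it finds to MITRE ATT&CK tactic/technique
pairs. All hosts, hashes and flow lines below are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Hypothetical IOC table (sha256 -> family). The hash is a placeholder, not a
# real Duqu sample hash.
IOC_HASHES: Dict[str, str] = {
    "11" * 32: "Duqu",
}

# Internal address space for this fictional network. An explicit list is used
# because ipaddress.is_private also treats documentation ranges such as
# 203.0.113.0/24 as private, which would hide "external" test destinations.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# ATT&CK identifiers quoted from memory of the public matrix; verify against
# attack.mitre.org before putting them in a report.
MAPPINGS = {
    "c2_web": ("Command and Control (TA0011)",
               "Application Layer Protocol: Web Protocols (T1071.001)"),
    "lateral_smb": ("Lateral Movement (TA0008)",
                    "Remote Services: SMB/Windows Admin Shares (T1021.002)"),
}


@dataclass
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def parse_flows(lines: List[str]) -> List[Flow]:
    """Parse whitespace-separated 'ts src dst dport proto' records."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        flows.append(Flow(ts, src, dst, int(dport), proto.lower()))
    return flows


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def triage(alert: Dict[str, str], flows: List[Flow]) -> Dict[str, object]:
    """Map the alert plus the host's flows to (tactic, technique, procedure).

    Only the two behaviours the thread argues about are modelled: outbound
    web traffic to a non-internal address (C2 over an application-layer
    protocol) and SMB to an internal peer (lateral movement via admin shares).
    Each mapping is reported once, with the first supporting flow as evidence.
    """
    family: Optional[str] = IOC_HASHES.get(alert["sha256"].lower())
    if family is None:
        return {"family": None, "ttps": []}

    ttps = []
    seen = set()
    for f in flows:
        if f.src != alert["host_ip"] or f.proto != "tcp":
            continue
        if f.dport in (80, 443) and not is_internal(f.dst):
            key = "c2_web"
        elif f.dport == 445 and is_internal(f.dst):
            key = "lateral_smb"
        else:
            continue
        if key in seen:
            continue
        seen.add(key)
        tactic, technique = MAPPINGS[key]
        ttps.append({
            "tactic": tactic,
            "technique": technique,
            "procedure": family,
            "evidence": f"{f.ts} {f.src} -> {f.dst}:{f.dport}/{f.proto}",
        })
    return {"family": family, "ttps": ttps}


# Constructed sample input mirroring the question: one workstation, a known
# hash, and an HTTP session to an address outside the internal ranges.
SAMPLE_ALERT = {"host": "WKSTN-17", "host_ip": "10.20.30.40", "sha256": "11" * 32}
SAMPLE_FLOWS = [
    "# ts src dst dport proto",
    "2024-05-01T10:00:01Z 10.20.30.40 10.20.30.2 53 udp",       # internal DNS
    "2024-05-01T10:00:02Z 10.20.30.40 198.51.100.23 80 tcp",    # outbound HTTP
    "2024-05-01T10:00:05Z 10.20.30.40 198.51.100.23 80 tcp",    # same session again
    "2024-05-01T10:00:09Z 10.20.30.77 10.20.30.41 445 tcp",     # other host, ignored
]

if __name__ == "__main__":
    result = triage(SAMPLE_ALERT, parse_flows(SAMPLE_FLOWS))
    print(result["family"])
    for t in result["ttps"]:
        print(f'{t["tactic"]} / {t["technique"]} / {t["procedure"]}  <- {t["evidence"]}')
```

Run as-is and the only mapping produced is Command and Control / Application Layer Protocol with Duqu as the procedure, matching the suggested answer; feed it a flow from the same host to an internal address on 445 and the Lateral Movement mapping appears instead. The point of the destination check is that port alone does not decide the tactic: an external web destination is the C2 signal, and SMB is only meaningful between internal hosts.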

Contribute your Thoughts:

Herschel
2 months ago
I hope the exam question isn't as 'Duqu'ced up as this one. Anyway, A) seems like the best choice to me.
upvoted 0 times
Margery
2 months ago
User 2: Yeah, Command and Control, Application Layer Protocol, Duqu make sense.
upvoted 0 times
Miriam
2 months ago
User 1: I agree, A) seems like the right choice.
upvoted 0 times
Eden
2 months ago
But Vernice, the analysis mentioned port 80 communication, which is not related to SMB/Windows Admin Shares.
upvoted 0 times
Vernice
2 months ago
I believe the answer is B) Discovery, Remote Services: SMB/Windows Admin Shares, Duqu.
upvoted 0 times
Cora
2 months ago
I agree with Eden, because the internal workstation communicating with an external server over port 80 aligns with Command and Control tactics.
upvoted 0 times
Timothy
3 months ago
A) is the way to go, no doubt. Duqu is notorious for using Application Layer Protocol for its Command and Control activities.
upvoted 0 times
Lawrence
3 months ago
Hmm, I'm not sure. D) Discovery, System Network Configuration Discovery, Duqu could also be a possibility, as the analyst was alerted about a malicious file hash.
upvoted 0 times
Beula
2 months ago
True, but C) Lateral Movement, Remote Services: SMB/Windows Admin Shares, Duqu aligns better with the communication over port 80 with an external server.
upvoted 0 times
Alfreda
2 months ago
I agree, but B) Discovery, Remote Services: SMB/Windows Admin Shares, Duqu could also be a valid option.
upvoted 0 times
Loreta
2 months ago
I think A) Command and Control, Application Layer Protocol, Duqu makes more sense in this scenario.
upvoted 0 times
Eden
3 months ago
I think the answer is A) Command and Control, Application Layer Protocol, Duqu.
upvoted 0 times
Frederic
3 months ago
I think C) Lateral Movement, Remote Services: SMB/Windows Admin Shares, Duqu is the correct answer. The workstation communicating with an external server suggests lateral movement.
upvoted 0 times
King
2 months ago
User 2
upvoted 0 times
Clay
2 months ago
User 1
upvoted 0 times
Wade
3 months ago
A) Definitely! The communication over port 80 and the file hash association with Duqu malware point to Command and Control, Application Layer Protocol, and Duqu tactics, techniques, and procedures.
upvoted 0 times
Angelyn
2 months ago
C) Maybe there's also Lateral Movement involved with Remote Services: SMB/Windows Admin Shares.
upvoted 0 times
Tamar
2 months ago
B) I agree, it could also involve Discovery and Remote Services: SMB/Windows Admin Shares.
upvoted 0 times
Amie
3 months ago
A) Definitely! The communication over port 80 and the file hash association with Duqu malware point to Command and Control, Application Layer Protocol, and Duqu tactics, techniques, and procedures.
upvoted 0 times
