Welcome to Pass4Success


Cisco Exam 350-201 Topic 12 Question 108 Discussion

Actual exam question for Cisco's 350-201 exam
Question #: 108
Topic #: 12

An analyst is alerted for a malicious file hash. After analysis, the analyst determined that an internal workstation is communicating over port 80 with an external server and that the file hash is associated with Duqu malware. Which tactics, techniques, and procedures align with this analysis?

Suggested Answer: A

Contribute your Thoughts:

Herschel
11 days ago
I hope the exam question isn't as 'Duqu'ced up as this one. Anyway, A) seems like the best choice to me.
upvoted 0 times
...
Eden
19 days ago
But Vernice, the analysis mentioned port 80 communication, which is not related to SMB/Windows Admin Shares.
upvoted 0 times
...
Vernice
20 days ago
I believe the answer is B) Discovery, Remote Services: SMB/Windows Admin Shares, Duqu.
upvoted 0 times
...
Cora
22 days ago
I agree with Eden, because the internal workstation communicating with an external server over port 80 aligns with Command and Control tactics.
upvoted 0 times
...
Timothy
24 days ago
A) is the way to go, no doubt. Duqu is notorious for using Application Layer Protocol for its Command and Control activities.
upvoted 0 times
...
Lawrence
28 days ago
Hmm, I'm not sure. D) Discovery, System Network Configuration Discovery, Duqu could also be a possibility, as the analyst was alerted about a malicious file hash.
upvoted 0 times
Alfreda
16 days ago
I agree, but B) Discovery, Remote Services: SMB/Windows Admin Shares, Duqu could also be a valid option.
upvoted 0 times
...
Loreta
18 days ago
I think A) Command and Control, Application Layer Protocol, Duqu makes more sense in this scenario.
upvoted 0 times
...
...
Eden
1 month ago
I think the answer is A) Command and Control, Application Layer Protocol, Duqu.
upvoted 0 times
...
Frederic
1 month ago
I think C) Lateral Movement, Remote Services: SMB/Windows Admin Shares, Duqu is the correct answer. The workstation communicating with an external server suggests lateral movement.
upvoted 0 times
King
14 days ago
User 2
upvoted 0 times
...
Clay
20 days ago
User 1
upvoted 0 times
...
...
Wade
1 month ago
A) Definitely! The communication over port 80 and the file hash association with Duqu malware point to Command and Control, Application Layer Protocol, and Duqu tactics, techniques, and procedures.
upvoted 0 times
Angelyn
18 days ago
C) Maybe there's also Lateral Movement involved with Remote Services: SMB/Windows Admin Shares.
upvoted 0 times
...
Tamar
21 days ago
B) I agree, it could also involve Discovery and Remote Services: SMB/Windows Admin Shares.
upvoted 0 times
...
Amie
1 month ago
A) Definitely! The communication over port 80 and the file hash association with Duqu malware point to Command and Control, Application Layer Protocol, and Duqu tactics, techniques, and procedures.
upvoted 0 times
...
...
