Question 101 of 108 from exam 200-201-CBROPS: Understanding Cisco Cybersecurity Operations Fundamentals
Question
![Packet capture exhibit](https://eaeastus2.blob.core.windows.net/optimizedimages/static/images/Understanding-Cisco-Cybersecurity-Operations-Fundamentals-(CBROPS)/question/img0005300001.png)

```
48 41.270348133 185.199.111.153 → 192.168.88.164 TLSv1.2 123 Application Data
49 41.270348165 185.199.111.153 → 192.168.88.164 TLSv1.2 104 Application Data
50 41.270356290 192.168.88.164 → 185.199.111.153 TCP 66 44736 → 443 [ACK]
   Seq=834 Ack=3104 Win=64128 Len=0 TSval=3947973757 TSecr=2989424849
51 41.270369874 192.168.88.164 → 185.199.111.153 TCP 66 44736 → 443 [ACK]
   Seq=834 Ack=3142 Win=64128 Len=0 TSval=3947973757 TSecr=2989424849
52 41.270430171 192.168.88.164 → 185.199.111.153 TLSv1.2 104 Application Data
53 41.271767772 185.199.111.153 → 192.168.88.164 TLSv1.2 2854 Application Data
54 41.271767817 185.199.111.153 → 192.168.88.164 TLSv1.2 904 Application Data
55 41.271788996 192.168.88.164 → 185.199.111.153 TCP 66 44736 → 443 [ACK]
   Seq=872 Ack=6768 Win=62592 Len=0 TSval=3947973758 TSecr=2989424849
56 41.271973293 192.168.88.164 → 185.199.111.153 TLSv1.2 97 Encrypted Alert
57 41.272411701 192.168.88.164 → 185.199.112.153 TCP 66 44736 → 443 [FIN, ACK]
   Seq=903 Ack=6768 Win=64128 Len=0 TSval=3947973759 TSecr=2989424849
58 41.283301751 185.199.111.153 → 192.168.88.164 TCP 66 443 → 44736 [ACK]
   Seq=6768 Ack=903 Win=28160 Len=0 TSval=2989424852 TSecr=3947973757
59 41.283301808 185.199.111.153 → 192.168.88.164 TLSv1.2 97 Encrypted Alert
60 41.283321947 192.168.88.164 → 185.199.111.153 TCP 54 44736 → 443 [RST]
   Seq=903 Win=0 Len=0
61 41.283939151 185.199.111.153 → 192.168.88.164 TCP 66 443 → 44736 [FIN, ACK]
   Seq=6799 Ack=903 Win=28160 Len=0 TSval=2989424852 TSecr=3947973757
62 41.283945760 192.168.88.164 → 185.199.111.153 TCP 54 44736 → 443 [RST]
   Seq=903 Win=0 Len=0
63 41.284635561 185.199.111.153 → 192.168.88.164 TCP 66 443 → 44736 [ACK]
   Seq=6800 Ack=904 Win=28160 Len=0 TSval=2989424853 TSecr=3947973759
64 41.284642324 192.168.88.164 → 185.199.111.153 TCP 54 44736 → 443 [RST]
   Seq=904 Win=0 Len=0
```
An analyst is investigating a host in the network that appears to be communicating with a command-and-control server on the Internet.
After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.
Which obfuscation technique is the attacker using?
Answers
Explanations
A. B. C. D.B.