Question 101 of 108 from exam 200-201-CBROPS: Understanding Cisco Cybersecurity Operations Fundamentals

Question

48 41.270348133 185.199.111.153 → 192.168.88.164 TLSv1.2 123 Application Data

49 41.270348165 185.199.111.153 → 192.168.88.164 TLSv1.2 104 Application Data

50 41.270356290 192.168.88.164 → 185.199.111.153 TCP 66 44736 → 443 [ACK] Seq=834 Ack=3104 Win=64128 Len=0 TSval=3947973757 TSecr=2989424849

51 41.270369874 192.168.88.164 → 185.199.111.153 TCP 66 44736 → 443 [ACK] Seq=834 Ack=3142 Win=64128 Len=0 TSval=3947973757 TSecr=2989424849

52 41.270430171 192.168.88.164 → 185.199.111.153 TLSv1.2 104 Application Data

53 41.271767772 185.199.111.153 → 192.168.88.164 TLSv1.2 2854 Application Data

54 41.271767817 185.199.111.153 → 192.168.88.164 TLSv1.2 904 Application Data

55 41.271788996 192.168.88.164 → 185.199.111.153 TCP 66 44736 → 443 [ACK] Seq=872 Ack=6768 Win=62592 Len=0 TSval=3947973758 TSecr=2989424849

56 41.271973293 192.168.88.164 → 185.199.111.153 TLSv1.2 97 Encrypted Alert

57 41.272411701 192.168.88.164 → 185.199.111.153 TCP 66 44736 → 443 [FIN, ACK] Seq=903 Ack=6768 Win=64128 Len=0 TSval=3947973759 TSecr=2989424849

58 41.283301751 185.199.111.153 → 192.168.88.164 TCP 66 443 → 44736 [ACK] Seq=6768 Ack=903 Win=28160 Len=0 TSval=2989424852 TSecr=3947973757

59 41.283301808 185.199.111.153 → 192.168.88.164 TLSv1.2 97 Encrypted Alert

60 41.283321947 192.168.88.164 → 185.199.111.153 TCP 54 44736 → 443 [RST] Seq=903 Win=0 Len=0

61 41.283939151 185.199.111.153 → 192.168.88.164 TCP 66 443 → 44736 [FIN, ACK] Seq=6799 Ack=903 Win=28160 Len=0 TSval=2989424852 TSecr=3947973757

62 41.283945760 192.168.88.164 → 185.199.111.153 TCP 54 44736 → 443 [RST] Seq=903 Win=0 Len=0

63 41.284635561 185.199.111.153 → 192.168.88.164 TCP 66 443 → 44736 [ACK] Seq=6800 Ack=904 Win=28160 Len=0 TSval=2989424853 TSecr=3947973759

64 41.284642324 192.168.88.164 → 185.199.111.153 TCP 54 44736 → 443 [RST] Seq=904 Win=0 Len=0

An analyst is investigating a host in the network that appears to be communicating with a command and control server on the Internet.

After collecting this packet capture, the analyst cannot determine the technique and payload used for the communication.

Which obfuscation technique is the attacker using?

Answers

Explanations

A. B. C. D.

B.