Check any website status at: Is Web Down?

Question 20 of 32 from exam 300-215-CBRFIR: Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps

Question 20 of 32 from exam 300-215-CBRFIR: Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps

Prev Question Next Question

Question

45 0,000658000 0.000485000 Negotiate Protocol Response

21 0.004157000 0,000499000 Session Setup AndX Response, NTLMSSP_CHALLENGE, Error:
STATUS MORE PROCESSING REQUIRED

3.0.001257000 0.000991000 Session Setup AndX Response, Error: STATUS_LOGON_FAILURE

Session Setup AndX Response
61 0.000639000 0.000302000 ‘Tree Connect Andx Response

163 0.002314000 0.000354000 IMT Create AndX Response, FID: 0x4000

£65 0.000440000 0.000249000 ‘Write AndX Response, FID: 0x4000, 72 bytes
67 0.000336000 0.000232000

‘69 0.000528000 0.000429000

71 0.000417000 0,000317000

73.0.000324000 0,000215000

76 0.232074000 0,000322000 INT Create Andx Response, FID: 0x4001

778 0.000420000 0,000242000 Write AndX Response, FID: Ox4001, 72 bytes
‘80 0.000332000 0.000228000

'82 0.000472000 0.000372000

‘84 0.000433000 0.000320000

'86 0.000416000 0.000310000

'88 0.000046500 0.000366000

‘90 0.067630000 0.967518000

‘92 0.000515000 0.000391000

‘94 0.000477000 0.000368000

‘96 0.090664000 0.090363000

‘98 0.006860000 0.000280000
+00 0.000312000 0.000229000

SMB Close Response, FID: 0x4001

Refer to the exhibit.

An engineer is analyzing a TCP stream in a Wireshark after a suspicious email with a URL.

What should be determined about the SMB traffic from this stream?

Answers

A. It is redirecting to a malicious phishing website,

B. It is exploiting redirect vulnerability

C. It is requesting authentication on the user site.

D. It is sharing access to files and printers.

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

B.

Prev Question Next Question