Question 9 - SY0-601 discussion


HOTSPOT

You are a security administrator investigating a potential infection on a network.

Click on each host and firewall. Review all logs to determine which host originated the infection and then identify each remaining host as clean or infected.



Correct answer: Question 9

Explanation:

Based on the logs, it seems that the host that originated the infection is 192.168.10.22. This host has a suspicious process named svchost.exe running on port 443, which is unusual for a Windows service. It also has a large number of outbound connections to different IP addresses on port 443, indicating that it is part of a botnet. The firewall log shows that this host has been communicating with 10.10.9.18, which is another infected host on the engineering network. This host also has a suspicious process named svchost.exe running on port 443, and a large number of outbound connections to different IP addresses on port 443. The other hosts on the R&D network (192.168.10.37 and 192.168.10.41) are clean, as they do not have any suspicious processes or connections.


asked 02/10/2024
Ali Alaqoul
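The firewall-log reasoning in the explanation above (many distinct outbound destinations on port 443, plus traffic between the two flagged hosts) can be expressed as a small check. This is an added example, not part of the original question or its exhibit; the log format, the internal subnets, the threshold and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed internal ranges, inferred from the host addresses quoted in the explanation.
INTERNAL = [ipaddress.ip_network(n) for n in ("192.168.10.0/24", "10.10.9.0/24")]

# Constructed sample lines: time, action, source, destination, destination port.
SAMPLE_LOG = """\
09:00:01 ALLOW 192.168.10.37 203.0.113.10 443
09:00:02 ALLOW 192.168.10.22 198.51.100.1 443
09:00:03 ALLOW 192.168.10.22 198.51.100.2 443
09:00:04 ALLOW 192.168.10.22 198.51.100.3 443
09:00:05 ALLOW 192.168.10.22 10.10.9.18 443
09:00:06 ALLOW 192.168.10.41 203.0.113.10 443
09:00:07 ALLOW 192.168.10.37 203.0.113.10 443
09:00:08 ALLOW 10.10.9.18 198.51.100.1 443
09:00:09 ALLOW 10.10.9.18 198.51.100.4 443
09:00:10 ALLOW 10.10.9.18 198.51.100.5 443
09:00:11 ALLOW 192.168.10.41 203.0.113.20 80
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def parse(log):
    """Yield (src, dst, port) for each allowed connection; skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[1] == "ALLOW" and parts[4].isdigit():
            yield parts[2], parts[3], int(parts[4])

def fan_out(log, port=443):
    """Map each internal source to the distinct external hosts it reached on `port`."""
    seen = defaultdict(set)
    for src, dst, dport in parse(log):
        if dport == port and is_internal(src) and not is_internal(dst):
            seen[src].add(dst)
    return seen

def suspects(log, threshold=3):
    """Internal hosts whose count of distinct external destinations meets the threshold."""
    return sorted(s for s, dsts in fan_out(log).items() if len(dsts) >= threshold)

def lateral_links(log):
    """Connections where both ends are flagged hosts (the cross-network link)."""
    flagged = set(suspects(log))
    return sorted({(s, d) for s, d, _ in parse(log) if s in flagged and d in flagged})
```

Counting distinct destinations rather than raw connections keeps a host that repeatedly contacts one HTTPS server (like 192.168.10.37 in the sample) from being flagged.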