Understanding Cisco Cybersecurity Fundamentals (SECFND, legacy) — Question 76
Which two methods might be used by an analyst to detect SSL/TLS encrypted command-and-control communication? (Choose two.)
Answer options
- A. perform decryption and inspection of SSL/TLS traffic
- B. perform firewall HTTP application inspection to detect the command and control traffic
- C. perform IPS HTTP deep packet inspection to detect the command and control traffic
- D. perform analysis of the NetFlow data to detect anomalous TLS/SSL flows
Correct answer: A, D
Explanation
The correct answers are A and D. Decrypting and inspecting SSL/TLS traffic provides the visibility needed to detect command-and-control communication, while analyzing NetFlow data helps identify flow patterns that indicate anomalies. Options B and C are useful for inspecting HTTP traffic, but HTTP inspection on its own does not see inside encrypted SSL/TLS sessions, which limits their applicability in this context.