Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 34
An analyst is alerted to a malicious file hash. After analysis, the analyst determines that an internal workstation is communicating over port 80 with an external server and that the file hash is associated with Duqu malware. Which tactics, techniques, and procedures align with this analysis?
Answer options
- A. Command and Control, Application Layer Protocol, Duqu
- B. Discovery, Remote Services: SMB/Windows Admin Shares, Duqu
- C. Lateral Movement, Remote Services: SMB/Windows Admin Shares, Duqu
- D. Discovery, System Network Configuration Discovery, Duqu
Correct answer: A
Explanation
The correct answer is A because the workstation's communication over port 80 with an external server indicates a Command and Control connection using an Application Layer Protocol, a technique often used by malware like Duqu. The other options name different tactics (Discovery and Lateral Movement) that do not fit external communication indicating malicious activity.