Question 14 of 160 from exam CS0-002: CompTIA CySA+

Question

A security analyst is reviewing packet captures from a system that was compromised.

The system was already isolated from the network, but it did have network access for a few hours after being compromised.

When viewing the capture in a packet analyzer, the analyst sees the following:

209 095091 IP 47787 128. 100. 248202+ A? michael.smith.334-54-2343.985-334-5643.1123-kathman-dr.ajgidwle.com.
209 186945 IP 47788 128. 100. 249675+ A? ronald.young.437-96-6523.212-635-6528.2426-riverland-st.ajgidwle.com.
209 189567 IP 47789 128. 100. 250986+ A? mark.leblanc.485-63-5278.802-632-5841.68951-peachtree-st.ajgidwle.com.
209 296854 IP 47790 128. 100. 251567+ A? gina.buras.471-96-2354.313-654-9254.3698-mcghee-rd.ajgidwle.com.

Which of the following can the analyst conclude?

Answers

Explanations

A. B. C. D.

D.