24.1.7 Check Your Understanding – Identify the Monitored Protocol Answers

1. Which of the following can carry malware payloads into the network?

  • DNS
  • HTTPS
  • IMAP
  • syslog
  • SMTP

Explanation: IMAP can carry malware payloads into the network.

2. Which of the following presents challenges to decoding packet captures?

  • HTTPS
  • DNS
  • SMTP
  • syslog
  • NTP

Explanation: HTTPS presents challenges to decoding packet captures.

3. Which of the following can be used to exfiltrate data hidden in the query messages?

  • IMAP
  • NTP
  • SMTP
  • DNS
  • syslog

Explanation: DNS can be used to exfiltrate data hidden in the query messages.

4. Time stamps that are provided by which protocol may be corrupted to complicate event correlation?

  • syslog
  • SMTP
  • NTP
  • DNS
  • HTTPS

Explanation: NTP stamps may be corrupted to complicate event correlation.


guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x