
Refer to the exhibit. An engineer is performing static analysis of a file received and reported by a user. Which risk is indicated in this STIX?
The code snippet shown makes an HTTP request to a specific URL (http://freegeoip.net/xml/) and parses the returned XML response to extract various pieces of geographic information. The extracted information includes IP address, country name, country code, region name, city, and time zone. Given this behavior, the file is redirecting users to a website that is determining users' geographic location.
The exhibit provided in the question does not contain a STIX document or any information that can be used to determine the risk or threat posed by the code. The exhibit shows a code snippet written in C# that makes an HTTP request to a geo-location service and parses the XML response to extract information such as IP address, country name, country code, region name, city, and time zone. Therefore, none of the options A, B, C, or D are correct. - ChatGPT
The STIX (Structured Threat Information eXpression) provided in the exhibit indicates a risk associated with a file that redirects users to a malicious website. The code snippet shows an HTTP request being made to a URL known for distributing ransomware. This type of threat involves tricking users into downloading and executing malicious software that encrypts their files and then demands payment for decryption. The static analysis of the file's behavior, as shown in the code, supports the conclusion that the file poses a risk of ransomware infection.
It's D. The site is for looking for GeoIP