Which two methods might be used by an analyst to detect SSL/TLS encrypted command-and-control communication? (Choose two.)

Which two methods might be used by an analyst to detect SSL/TLS encrypted command-and-control communication? (Choose two.)
A . perform decryption and inspection of SSL/TLS traffic
B . perform firewall HTTP application inspection to detect for the command and control traffic
C . perform IPS HTTP deep packets inspection to detect for the command and control traffic
D . perform analysis of the NetFlow data to detect anomalous TLS/SSL flows

View Answer

Answer: AD

Explanation:

The correct answers are "perform decryption and inspection of SSL/TLS traffic" and "perform analysis of the Netflow data to detect anomalous TLS/SSL flows."