Correct answer = D
A Tor exit node is basically the last Tor node or the gateway where the Tor encrypted traffic exits to the Internet. A Tor exit node can be targeted to monitor Tor traffic. Many organizations block Tor exit nodes in their environment. The Tor project has a dynamic list of Tor exit nodes that makes this task a bit easier. This Tor exit node list can be downloaded from https://check.torproject.org/exit-addresses.
The TOR (The Onion Router) network is often used to anonymize traffic on the internet, which can be beneficial for protecting privacy, but it can also be used to circumvent network security measures, such as firewalls. When traffic with a known TOR exit node occurs on a network, it means that a user is likely attempting to use TOR to bypass network restrictions and access restricted content or services.
Ransomware communicating after infection, users downloading copyrighted content, and data exfiltration are all potential security threats that could occur on a network, but they are not directly related to traffic with a known TOR exit node.
TOR (The Onion Router)
It is an open-source privacy network that enables anonymous web browsing.
The Tor browser enables people to have access to the dark web.
TOR Exit Node
Tor moves encrypted traffic across a network of Tor servers and provides anonymity to users.
A Tor exit node is the final node that routes Tor traffic to a destination.
Circumvention
The process of avoiding something, especially cleverly or illegally.
Circumvention Tools
They are designed to bypass online censorship such as simple web proxies, virtual private network service, and so on.
Frequently used in countries whose governments impose heavy Internet censorship.
The question is What is the Impact?
NIST states "The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability." To me the biggest IMPACT here from TOR traffic is Data Exfiltration. As an analyst, I would be more concerned with untraceable traffic like TOR, stealing data. I say Data Exfiltration.
I think D. Bc if the TOR exit node "is known" the only way there should be rules/firewalls in place to make sure that traffic never enters or is even allowed out of the network, so if it's on the network D makes sense.
This is a strange question. Detecting the address of a Tor EXIT node means someone is using TOR to initiate communication with your network (server probably). When a user IN the network is connecting via TOR to circumvent the firewall, he is connecting to a "guard" node (aka entry node).
Answer D is not the correct answer. For the same reason "B" is not correct either.
Because of the inbound nature of the traffic, A or C are possible but should be blocked by the firewall.
I don't know the answer, anyone?
Funny... Actually every answer is correct from different aspect...
Only the C answer may be the weakest, because the traffic comes from a TOR exit node, so the traffic is towards the firewall, it is received traffic, and data exfiltration is rather upload traffic.
I'm hesitating between B and D, but D is more "official" than B. B is only one type of TOR use, not a definition.
I know it isn't such a convincing argument, but maybe this is the reason why I choose D.
Of course a firewall can block it, but as you know it is only a possibility. :)
A user circumventing firewalls may connect to a guard node, but I think the data response will be considered to come from an exit node. I feel this is the answer.
Ransomware communicating from host to server would connect to guard node as you say. Same for data exfiltrating to a server on TOR.
I would say downloading copyrighted data is not strictly an "impact".
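As an added example (not from any commenter or from ExamTopics), the following Python parses the exit-addresses list format mentioned in the thread and labels flow records by whether the exit address is the source or the destination, the distinction several comments turn on. The sample list, the flow tuples and the 10.0.0.0/8 internal range are constructed assumptions.

```python
import ipaddress

# Constructed sample in the exit-addresses format (documentation IPs, not real relays).
SAMPLE_EXIT_LIST = """\
ExitNode 0000000000000000000000000000000000000001
Published 2024-01-01 00:00:00
LastStatus 2024-01-01 01:00:00
ExitAddress 203.0.113.10 2024-01-01 01:05:00
ExitNode 0000000000000000000000000000000000000002
Published 2024-01-01 00:00:00
LastStatus 2024-01-01 01:00:00
ExitAddress 198.51.100.7 2024-01-01 01:06:00
"""

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10", 443),
    ("198.51.100.7", "10.0.0.20", 22),
    ("10.0.0.8", "192.0.2.55", 443),
    ("not-an-ip", "10.0.0.20", 80),
]

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

def parse_exit_addresses(text):
    """Return the set of IPs found on 'ExitAddress <ip> <date> <time>' lines."""
    exits = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "ExitAddress":
            try:
                exits.add(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # skip malformed entries rather than abort the load
    return exits

def classify_flows(flows, exits, internal=INTERNAL_NET):
    """Label each flow that touches an exit address by its direction."""
    hits = []
    for src, dst, port in flows:
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # unparseable log record
        if s in exits and d in internal:
            hits.append(("inbound_from_exit", src, dst, port))
        elif d in exits and s in internal:
            hits.append(("outbound_to_exit", src, dst, port))
    return hits
```

Because the Tor Project list is dynamic, a deployment would reload it on a schedule before matching.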
anonymous1966 (Highly Voted), 2 years, 1 month ago
drdecker100 (Most Recent), 8 months, 3 weeks ago
SecurityGuy, 9 months, 1 week ago
Binx, 9 months, 2 weeks ago
Binx, 9 months, 2 weeks ago
trigger4848, 1 year ago
cy_analyst, 1 year, 1 month ago
halamah, 1 year, 11 months ago
[Removed], 2 years, 1 month ago
skysoft, 2 years, 10 months ago
tsabee, 2 years ago
hoek, 2 years, 10 months ago
Aimismyname, 2 years, 5 months ago
bren_, 2 years, 10 months ago
anonymous1966, 2 years, 2 months ago