Exam 350-201 topic 1 question 92 discussion

I would go with D. It's a Malware Outbreak of Ransonware type.

C according to https://www.crowdstrike.com/cybersecurity-101/malware/malware-vs-virus/ Malware works in different ways, but most start by ensuring a means of persistent access to a system so adversaries can slip into the network any time they like. Once inside, the malware takes control of the system with the purpose of communicating back to its original sender. The information it communicates may include sensitive data, intellectual property, captured keystrokes or images from a device’s camera, among other items. Viruses, on the other hand, are usually dormant until the victim activates the attack, either through opening an infected application, downloading a corrupt file or clicking an infected link. Once activated, the virus may complete any number of tasks that it was designed to do, including deleting files, encrypting data, taking over system functions or disabling security settings.

The question has an error in the IP address, so I resubmitted it: The cause of the issue is more likely a malware outbreak. The unusual types of internal traffic and the presence of unexplained encrypted data files on a system are indicators of a possible malware infection. The specific IP subnet may have been targeted by the attacker to spread the malware within the network. The SOC analyst should conduct further analysis to identify the malware type and determine the extent of the infection to mitigate the issue.

Based on the information provided, it is not possible to determine the cause of the issue with certainty. However, the presence of unusual types of internal traffic and unexplained encrypted data files on a system suggest that some type of security incident or compromise may have occurred. Further investigation is necessary to determine the cause of the issue, identify any malicious activity, and mitigate any potential damage. - ChatGPT

Virus outbreak. 100% sure