Exam CS0-002 topic 1 question 419 discussion

Actual exam question from CompTIA's CS0-002
Question #: 419
Topic #: 1

A security analyst responds to a series of events surrounding sporadic bandwidth consumption from an endpoint device. The security analyst then identifies the following additional details:

• Bursts of network utilization occur approximately every seven days.
• The content being transferred appears to be encrypted or obfuscated.
• A separate but persistent outbound TCP connection from the host to infrastructure in a third-party cloud is in place.
• The HDD utilization on the device grows by 10GB to 12GB over the course of every seven days.
• Single file sizes are 10GB.

Which of the following describes the most likely cause of the issue?

  • A. Memory consumption
  • B. Non-standard port usage
  • C. Data exfiltration
  • D. System update
  • E. Botnet participant
Suggested Answer: C

Comments

kumax
1 year, 7 months ago
Selected Answer: C
ChatGPT
upvoted 1 times
...
skibby16
1 year, 7 months ago
Selected Answer: C
The given details, including sporadic bandwidth consumption, bursts of network utilization, encrypted or obfuscated content transfer, a persistent outbound TCP connection to a third-party cloud, and HDD utilization growth, are indicative of data exfiltration. The behavior suggests that large files are being transferred from the host to an external location, which is a characteristic of data exfiltration or data theft. The regular, seven-day intervals may be an attempt to avoid detection.
upvoted 1 times
...
Strong914
1 year, 7 months ago
Selected Answer: C
Encrypted content being transferred and going to a cloud infrastructure
upvoted 1 times
...
Dree_Dogg
1 year, 7 months ago
Selected Answer: C
Sounds a lot like data exfiltration to me.
upvoted 4 times
...