A network analyst notices a long spike in traffic on port 1433 between two IP addresses on opposite sides of a WAN connection. Which of the following is the most likely cause?
A. A local red team member is enumerating the local RFC1918 segment to enumerate hosts
B. A threat actor has a foothold on the network and is sending out control beacons
C. An administrator executed a new database replication process without notifying the SOC
D. An insider threat actor is running Responder on the local segment, creating traffic replication
C. An administrator executed a new database replication process without notifying the SOC.
Here's the rationale:
Port 1433 is commonly associated with Microsoft SQL Server database traffic. A spike in traffic on this port suggests increased activity related to SQL Server communication.
The fact that the spike in traffic occurs between two IP addresses on opposite sides of a WAN connection indicates that data is being transferred between remote locations.
Database replication processes often involve transferring data between SQL Server instances, especially across WAN connections, to synchronize databases between different locations.
If an administrator executed a new database replication process without notifying the SOC (Security Operations Center), it could result in unexpected traffic patterns that might trigger alerts or raise suspicion.
C. An administrator executed a new database replication process without notifying the SOC
Port 1433 is for SQL. The only answer that mentions SQL is C.
Here is my take:
Beacons are typically small, periodic communications sent from a compromised system to a command-and-control (C2) server. They are designed to be low-profile to avoid detection, often transmitting small amounts of data at regular intervals.
In the context of the scenario described, if there is a long spike in traffic on port 1433 between two IP addresses on opposite sides of a WAN connection, it's more indicative of ongoing data transfer or communication beyond what would be expected from a typical beacon.
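The distinction drawn above (small, periodic beacons versus a sustained high-volume transfer) can be turned into a triage check over flow records. This is an added example, not part of the original discussion; the thresholds, host addresses and flow records are constructed for illustration.

```python
"""Triage TCP/1433 flows between host pairs: beacon-like or bulk transfer.
Thresholds and sample flows are constructed, not derived from real telemetry."""
from collections import defaultdict
from statistics import mean, pstdev

SQL_PORT = 1433

def classify(flows, small_bytes=4096, max_jitter=0.2, bulk_bytes=100_000_000):
    """flows: list of (start_sec, duration_sec, bytes) for one src/dst pair.
    Beacon-like: many small flows at near-regular intervals (low jitter).
    Bulk transfer: large total volume, as SQL replication over a WAN would show."""
    starts = sorted(s for s, _, _ in flows)
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    total = sum(b for _, _, b in flows)
    if len(gaps) >= 5 and mean(gaps) > 0 and all(b <= small_bytes for _, _, b in flows):
        jitter = pstdev(gaps) / mean(gaps)  # coefficient of variation of intervals
        if jitter <= max_jitter:
            return "beacon"
    if total >= bulk_bytes:
        return "bulk-transfer"
    return "inconclusive"

def classify_pairs(records, port=SQL_PORT):
    """records: (start, src, dst, dport, duration, bytes) tuples, e.g. from NetFlow.
    Groups flows to the given port by (src, dst) and classifies each pair."""
    by_pair = defaultdict(list)
    for start, src, dst, dport, dur, nbytes in records:
        if dport == port:
            by_pair[(src, dst)].append((start, dur, nbytes))
    return {pair: classify(fl) for pair, fl in by_pair.items()}

# Constructed sample (hypothetical addresses): one long, high-volume flow between
# two sites (replication-like) and twelve small flows roughly five minutes apart
# with a few seconds of jitter (beacon-like).
SAMPLE = [(0, "10.1.0.5", "10.2.0.9", 1433, 1800, 3_000_000_000)]
for i, offset in enumerate([0, 0, 10, 0, 10, 0, 5, 0, 10, 0, 10, 0]):
    SAMPLE.append((300 * i + offset, "10.1.0.20", "203.0.113.7", 1433, 1, 900))

if __name__ == "__main__":
    for pair, verdict in classify_pairs(SAMPLE).items():
        print(f"{pair[0]} -> {pair[1]}:{SQL_PORT}  {verdict}")
```

The "bulk-transfer" verdict is what the question's scenario produces; it still needs confirming against change records before it is written off as benign replication.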
B. A threat actor has a foothold on the network and is sending out control beacons.
Port 1433 is commonly used for Microsoft SQL Server. A sudden spike in traffic on this port between two IP addresses on opposite sides of a WAN connection could indicate unauthorized access or malicious activity, such as a threat actor using control beacons to maintain access or control over compromised systems. This scenario aligns with option B.