ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam
Go to Exam

Exam CAS-004 topic 1 question 605 discussion

Actual exam question from CompTIA's CAS-004
Question #: 605
Topic #: 1
[All CAS-004 Questions]

An organization’s UTM blocked unexpected traffic. After reviewing the following summary of the event, the security engineer categorized this event as a data exfiltration attempt:



Which of the following explains why the engineer thinks this event is a data exfiltration attempt?

  • A. The traffic indicated the request was dropped by the UTM.
  • B. 6to4 was used to obfuscate the data.
  • C. The traffic indicated a subsecond request-response time.
  • D. The data was hidden steganographically in IP headers.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Bright07 at Jan. 27, 2025, 12:44 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Bright07
3 months ago
Selected Answer: B
6to4 tunneling is a method used to encapsulate IPv6 packets within IPv4 packets. This allows IPv6 traffic to pass through networks that only support IPv4, but it can also be used to bypass security filters or monitoring systems that do not properly inspect tunneled traffic. In this case, the event logs show that the traffic is IPv6 encapsulated within PPPoE (Point-to-Point Protocol over Ethernet), which is a hint that tunneling might be involved. The engineer suspects data exfiltration because 6to4 tunneling is commonly used by attackers to hide traffic and evade detection mechanisms in place, such as those monitoring only IPv4 traffic or that don't inspect the contents of the tunneled packets. The use of IPv6 for communication (shown in the logs) and the presence of large data transfers could be indicative of an attempt to exfiltrate data in a covert manner.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago