
Exam CS0-002 topic 1 question 79 discussion

Actual exam question from CompTIA's CS0-002
Question #: 79
Topic #: 1

A security analyst is conducting a post-incident log analysis to determine which indicators can be used to detect further occurrences of a data exfiltration incident.
The analyst determines backups were not performed during this time and reviews the following:

Which of the following should the analyst review to find out how the data was exfiltrated?

  • A. Monday's logs
  • B. Tuesday's logs
  • C. Wednesday's logs
  • D. Thursday's logs

Suggested Answer: C

Comments

Obi_Wan_Jacoby
Highly Voted 2 months, 3 weeks ago
I concur with D. Tuesday, Wednesday and Thursday all have that last drop-off around 8PM. Thursday is the only one with after-hours outbound bandwidth in the late hours (10PM to 1AM).
upvoted 5 times
who__cares123456789___
2 weeks, 1 day ago
D...if you look at Wednesday, these spikes are occurring during business hours and you have a high amount of incoming data so people are finishing up the work day. But Thursday, the network is quiet on incoming but blasting out data that no one is requesting, aside from maybe a C2!! I say D. No way it is NOT D!!
upvoted 1 times
ma66_726526
Highly Voted 2 months, 3 weeks ago
I too chose D, because of the unusual outgoing traffic at start and end of the day.
upvoted 5 times
BK00
Most Recent 5 days, 7 hours ago
I want to say D, because the question stated exfiltration. A spike in unsolicited outbound traffic is a clear indicator of data exfiltration. In addition, if you notice, the spike for outgoing is happening during non-business hours, which makes it very suspicious and in need of future investigations.
upvoted 1 times
mhughes25
1 month, 1 week ago
It's definitely D. If you look at the graphs, Tuesday and Wednesday are basically the same; the graph just looks different because the scale is much smaller, but if you cut the top off and compare them, then they are basically the same. Thursday has high outbound traffic late in the night, which is when I would exfiltrate data if I were a cyber criminal.
upvoted 2 times
somsom
1 month, 2 weeks ago
Absolutely D
upvoted 2 times
klosinskil
1 month, 2 weeks ago
D - high outbound around midnight
upvoted 2 times
infosec208
1 month, 2 weeks ago
C. If you look at the other 3 graphs, they have a rhythm to them. While the amount of data may change, it changes at the same time period. C is the only one that is all wonky and bursty all over the place.
upvoted 1 times
BK00
5 days, 7 hours ago
C doesn't seem likely to me because, for one, inbound and outbound traffic mirror each other for the most part, which is an indication of unusually high but possibly normal interaction between internal and outside hosts. In other words, the traffic pattern for that day appears to be solicited traffic. Also, when we look at things in the context of business hours, most of the host interaction appears during normal business hours (08:00-16:00). Then both inbound and outbound traffic leveled off after 16:00 (4:00PM), which to me indicates a normal traffic pattern, as it is the end of the work day. D shows unsolicited outbound traffic, particularly outside of the normal work hours... I'd be more suspicious of that.
upvoted 1 times
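An added example (not from the exam, ExamTopics or any commenter) that turns the two heuristics used across this thread, outbound traffic outside business hours with nothing inbound to justify it and outbound far exceeding inbound, into a scoring pass over hourly bandwidth samples. The hourly numbers are constructed to resemble the graphs as the commenters describe them, not the real figure; the 08:00-16:00 business window and the 2:1 outbound-to-inbound threshold are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Sample:
    hour: int        # 0-23
    in_mbps: float   # inbound bandwidth for that hour
    out_mbps: float  # outbound bandwidth for that hour

BUSINESS_HOURS = range(8, 16)   # assumed working day, 08:00-16:00

def day_indicators(samples, ratio_threshold=2.0):
    """Exfiltration-style indicators for one day's hourly samples."""
    total_out = sum(s.out_mbps for s in samples)
    after_hours_out = sum(s.out_mbps for s in samples if s.hour not in BUSINESS_HOURS)
    # Hours where outbound dwarfs inbound: data leaving that nobody inside requested.
    unsolicited = [s.hour for s in samples
                   if s.in_mbps > 0 and s.out_mbps / s.in_mbps >= ratio_threshold]
    return {
        "after_hours_out_share": after_hours_out / total_out if total_out else 0.0,
        "unsolicited_hours": unsolicited,
        "after_hours_unsolicited": [h for h in unsolicited if h not in BUSINESS_HOURS],
    }

def rank_days(days):
    """Most suspicious day first: after-hours unsolicited hours, then after-hours share."""
    scored = {name: day_indicators(samples) for name, samples in days.items()}
    return sorted(scored.items(), reverse=True,
                  key=lambda kv: (len(kv[1]["after_hours_unsolicited"]),
                                  kv[1]["after_hours_out_share"]))

def build_day(base_in, base_out, overrides=None):
    """Constructed day: in/out mirror each other in business hours, ~10% otherwise."""
    day = [Sample(h, base_in if h in BUSINESS_HOURS else base_in / 10,
                  base_out if h in BUSINESS_HOURS else base_out / 10) for h in range(24)]
    for h, (i, o) in (overrides or {}).items():
        day[h] = Sample(h, i, o)
    return day

# Constructed data shaped like the thread's description of the graphs, not the real figure.
DAYS = {
    "Monday": build_day(600, 400),
    "Tuesday": build_day(650, 420),
    "Wednesday": build_day(100, 60, {14: (120, 290)}),                              # daytime upload burst
    "Thursday": build_day(600, 400, {22: (20, 850), 23: (20, 900), 0: (15, 880)}),  # late-night outbound
}

if __name__ == "__main__":
    for name, ind in rank_days(DAYS):
        print(f"{name:10s} after-hours unsolicited={ind['after_hours_unsolicited']} "
              f"after-hours out share={ind['after_hours_out_share']:.2f}")
```

Wednesday's burst scores as unsolicited but falls inside business hours, so it ranks below Thursday's after-hours outbound, which is exactly the distinction the thread draws.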
Matchy
2 months ago
I agree with C because the outbound traffic spike on Wednesday showing a lot of data is being moved out of the network.
upvoted 2 times
Lecky
1 month, 3 weeks ago
The outbound bandwidth on Wednesday was a little less than 300 Mbps, while on Thursday at the end of the day the outbound bandwidth was between 800 and 900 Mbps. If there was data exfiltration, it likely happened on Thursday, I think. Any thoughts?
upvoted 1 times
leif06
2 months, 1 week ago
I think it's C. Even though traffic is lower than on the other days, the upload level is above the download level. That indicates a big file was uploaded.
upvoted 2 times
leif06
2 months ago
Maybe it could be D. There are two anomalies in the graphs, Wednesday and Thursday. But maybe we can assume that Wednesday's upload was made by a user, after all it was done during work hours. I can't explain Thursday's graph. So I concur with D.
upvoted 2 times
Enlightened
2 months, 2 weeks ago
Sneaky question but agree - D highest outbound bandwidth spike
upvoted 3 times
I_heart_shuffle_girls
2 months, 4 weeks ago
I think D, it has the highest amount of outgoing bandwidth. Wednesday's scale is the smallest thus a minor amount of outbound looks high.
upvoted 5 times
1010_1100_1110
2 months ago
Nice catch!
upvoted 2 times