A security administrator has completed a monthly review of DNS server query logs. The administrator notices continuous name resolution attempts from a large number of internal hosts to a single Internet addressable domain name. The security administrator then correlated those logs with the establishment of persistent TCP connections out to this domain. The connections seem to be carrying on the order of kilobytes of data per week. Which of the following is the MOST likely explanation for this anomaly?
A) An attacker is exfiltrating large amounts of proprietary company data.
B) Employees are playing multiplayer computer games.
C) A worm is attempting to spread to other hosts via SMB exploits.
D) Internal hosts have become members of a botnet.
Correct Answer:
Verified
Q959: A systems administrator wants to implement a
Q960: A security analyst is reviewing the following
Q961: A Chief Information Security Officer (CISO) asks
Q962: An organization hosts a public-facing website that
Q963: A security administrator needs an external vendor
Q965: Upon learning about a user who has
Q966: Which of the following penetration testing concepts
Q967: After a security assessment was performed on
Q968: A company has three divisions, each with
Q969: Which of the following would provide additional
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents