A security administrator has completed a monthly review of DNS server query logs. The administrator notices continuous name resolution attempts from a large number of internal hosts to a single Internet addressable domain name. The security administrator then correlated those logs with the establishment of persistent TCP connections out to this domain. The connections seem to be carrying on the order of kilobytes of data per week. Which of the following is the MOST likely explanation for this company?
A) An attacker is exfiltrating large amounts of proprietary company data.
B) Employees are playing multiplayer computer games.
C) A worm is attempting to spread to other hosts via SMB exploits.
D) Internal hosts have become members of a botnet.
Correct Answer:
Verified
Q1139: A tester was able to leverage a
Q1140: The phones at a business are being
Q1141: After deploying an antivirus solution on some
Q1142: Which of the following could help detect
Q1143: A stock trading company had the budget
Q1145: Multiple organizations operating in the same vertical
Q1146: An organization's internal auditor discovers that large
Q1147: A security administrator is diagnosing a server
Q1148: A consumer purchases an exploit from the
Q1149: A company is determining where to host
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents