200-201 Question #230: Real Exam Question with Answer & Explanation
The correct answer is C: indicators of data exfiltration; HTTP requests must be plain text. The presence of a default user agent in HTTP headers for data being transmitted, especially when combined with abnormal behavior, is a strong indicator of data exfiltration.
Question
Refer to the exhibit. A network administrator is investigating suspicious network activity by analyzing captured traffic. An engineer notices abnormal behavior and discovers that the default user agent is present in the headers of requests and data being transmitted. What is occurring?
Options
- A. indicators of denial-of-service attack due to the frequency of requests
- B. garbage flood attack: attacker is sending garbage binary data to open ports
- C. indicators of data exfiltration; HTTP requests must be plain text
- D. cache bypassing attack: attacker is sending requests for noncacheable content
Explanation
The presence of a default user agent in HTTP headers for data being transmitted, especially when combined with abnormal behavior, is a strong indicator of data exfiltration.
Common mistakes
- A. While denial-of-service attacks involve frequent requests, the specific indicator mentioned is the default user agent in the headers for data transmission, not just the frequency.
- B. A garbage flood attack involves sending malformed or random data to open ports, which is not directly indicated by a default user agent in HTTP headers.
- D. Cache bypassing attacks focus on preventing content delivery networks from caching content, which is unrelated to the specific anomaly of a default user agent in data transmission headers.
Concept tested: Data exfiltration indicators
Reference: https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4688