300-215 Question #75: Real Exam Question with Answer & Explanation
The correct answer is A: Exfiltration Over Web Service.
Question
During a daily security audit via Cisco Secure Network Analytics, an engineer notices unusual activity in the network. The security engineer investigates and discovers that an employee workstation is generating an abnormal volume of upload traffic to the known clean domain via TCP port 80. A deeper investigation via Wireshark reveals that this traffic is encrypted. Which type of attack is occurring, according to the MITRE ATT&CK matrix?
Options
- A. Exfiltration Over Web Service
- B. Exfiltration Over C2 Channel
- C. Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
- D. Command and Control Activity
Explanation
The workstation is uploading (exfiltrating) data to a legitimate web service over HTTP(S) on port 80. According to MITRE ATT&CK, that maps directly to Exfiltration Over Web Service, where adversaries use common web protocols and services to stealthily move data out of a network.