350-701 · Question #128
Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two.)
The correct answer is B. Outgoing traffic is allowed so users can communicate with outside organizations. D. Traffic is encrypted, which prevents visibility on firewalls and IPS systems.. Data exfiltration via messenger protocols is challenging to detect and prevent because outgoing traffic to external parties is generally permitted, and the traffic itself is often encrypted.
Question
Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two.)
Exhibit
Options
- AMalware infects the messenger application on the user endpoint to send company data.
- BOutgoing traffic is allowed so users can communicate with outside organizations.
- CAn exposed API for the messaging platform is used to send large amounts of data.
- DTraffic is encrypted, which prevents visibility on firewalls and IPS systems.
- EMessenger applications cannot be segmented with standard network controls.
How the community answered
(48 responses)- A15% (7)
- B54% (26)
- C23% (11)
- E8% (4)
Why each option
Data exfiltration via messenger protocols is challenging to detect and prevent because outgoing traffic to external parties is generally permitted, and the traffic itself is often encrypted.
While malware can infect applications, this describes an attack vector rather than a characteristic of the protocol itself that makes detection difficult.
Organizations often allow outgoing messenger traffic so employees can legitimately communicate with external parties, making it difficult to distinguish legitimate communication from malicious data exfiltration without deep packet inspection.
An exposed API is a vulnerability in the platform, not an inherent characteristic of messenger protocols that complicates exfiltration detection.
Messenger protocols commonly use encryption (e.g., TLS/SSL), which obscures the content of communications from traditional firewalls, IPS systems, and other network monitoring tools, thereby hindering detection of sensitive data leaving the network.
Messenger applications can be segmented using network controls, although managing this effectively can be complex; the statement claims they cannot be, which is incorrect.
Concept tested: Data exfiltration challenges with messenger protocols
Source: https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/guide-c07-742232.html
Topics
Community Discussion
No community discussion yet for this question.
