nerdexam
Cisco

350-701 · Question #128

Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two.)

The correct answer is B. Outgoing traffic is allowed so users can communicate with outside organizations. D. Traffic is encrypted, which prevents visibility on firewalls and IPS systems.. Data exfiltration via messenger protocols is challenging to detect and prevent because outgoing traffic to external parties is generally permitted, and the traffic itself is often encrypted.

Submitted by eva_at· Mar 30, 2026Network Security

Question

Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two.)

Exhibit

350-701 question #128 exhibit

Options

  • AMalware infects the messenger application on the user endpoint to send company data.
  • BOutgoing traffic is allowed so users can communicate with outside organizations.
  • CAn exposed API for the messaging platform is used to send large amounts of data.
  • DTraffic is encrypted, which prevents visibility on firewalls and IPS systems.
  • EMessenger applications cannot be segmented with standard network controls.

How the community answered

(48 responses)
  • A
    15% (7)
  • B
    54% (26)
  • C
    23% (11)
  • E
    8% (4)

Why each option

Data exfiltration via messenger protocols is challenging to detect and prevent because outgoing traffic to external parties is generally permitted, and the traffic itself is often encrypted.

AMalware infects the messenger application on the user endpoint to send company data.

While malware can infect applications, this describes an attack vector rather than a characteristic of the protocol itself that makes detection difficult.

BOutgoing traffic is allowed so users can communicate with outside organizations.Correct

Organizations often allow outgoing messenger traffic so employees can legitimately communicate with external parties, making it difficult to distinguish legitimate communication from malicious data exfiltration without deep packet inspection.

CAn exposed API for the messaging platform is used to send large amounts of data.

An exposed API is a vulnerability in the platform, not an inherent characteristic of messenger protocols that complicates exfiltration detection.

DTraffic is encrypted, which prevents visibility on firewalls and IPS systems.Correct

Messenger protocols commonly use encryption (e.g., TLS/SSL), which obscures the content of communications from traditional firewalls, IPS systems, and other network monitoring tools, thereby hindering detection of sensitive data leaving the network.

EMessenger applications cannot be segmented with standard network controls.

Messenger applications can be segmented using network controls, although managing this effectively can be complex; the statement claims they cannot be, which is incorrect.

Concept tested: Data exfiltration challenges with messenger protocols

Source: https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/guide-c07-742232.html

Topics

#Data exfiltration#Messenger protocol security#Encrypted traffic visibility#Network security monitoring

Community Discussion

No community discussion yet for this question.

Full 350-701 Practice