350-701 · Question #128
350-701 Question #128: Real Exam Question with Answer & Explanation
The correct answer is B: Outgoing traffic is allowed so users can communicate with outside organizations. Data exfiltration via messenger protocols is challenging to detect and prevent because outgoing traffic to external parties is generally permitted, and the traffic itself is often encrypted.
Question
Which two characteristics of messenger protocols make data exfiltration difficult to detect and prevent? (Choose two.)
Options
- A. Malware infects the messenger application on the user endpoint to send company data.
- B. Outgoing traffic is allowed so users can communicate with outside organizations.
- C. An exposed API for the messaging platform is used to send large amounts of data.
- D. Traffic is encrypted, which prevents visibility on firewalls and IPS systems.
- E. Messenger applications cannot be segmented with standard network controls.
Explanation
Data exfiltration via messenger protocols is challenging to detect and prevent because outgoing traffic to external parties is generally permitted, and the traffic itself is often encrypted.
Common mistakes.
- A. While malware can infect applications, this describes an attack vector rather than a characteristic of the protocol itself that makes detection difficult.
- C. An exposed API is a vulnerability in the platform, not an inherent characteristic of messenger protocols that complicates exfiltration detection.
- E. Messenger applications can be segmented using network controls, although managing this effectively can be complex; the statement claims they cannot be, which is incorrect.
Concept tested. Data exfiltration challenges with messenger protocols
Reference. https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/guide-c07-742232.html