SY0-701 Question #173: Real Exam Question with Answer & Explanation
The correct answer is B: Data is being exfiltrated.
Question
A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?
Options
- A. A worm is propagating across the network.
- B. Data is being exfiltrated.
- C. A logic bomb is deleting data.
- D. Ransomware is encrypting files.
Explanation
Data exfiltration over DNS is a technique that attackers use to steal sensitive data from a target system or network by transmitting it through DNS queries and responses. This method is often used in advanced persistent threat (APT) attacks, in which attackers seek to persistently evade detection in the target environment. A large number of unusual DNS queries to systems on the internet over short periods of time during non-business hours is a strong indicator of data exfiltration. A worm, a logic bomb, and ransomware would not use DNS queries to communicate with their command and control servers or perform their malicious actions.
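The indicator in this explanation (many unusual DNS queries, in short periods, outside business hours) can be expressed as detection logic over resolver logs. The following is an added example, not part of the original question page; the record layout, thresholds, function names, the use of subdomain entropy as the measure of "unusual", and the sample records are all assumptions made for illustration.

```python
import math
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune against your own DNS baseline.
BUSINESS_HOURS = range(8, 18)   # 08:00-17:59, Monday to Friday
WINDOW_SECONDS = 60             # "short periods of time"
MIN_UNIQUE_SUBDOMAINS = 20      # "large amount" of distinct names per window
MIN_ENTROPY = 3.5               # bits/char; encoded payloads score high
EPOCH = datetime(1970, 1, 1)

def shannon_entropy(text):
    if not text:
        return 0.0
    probs = [text.count(c) / len(text) for c in set(text)]
    return -sum(p * math.log2(p) for p in probs)

def split_qname(qname):
    """Naive (subdomain, parent domain) split on the last two labels;
    production code should consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def off_hours(ts):
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS

def find_dns_exfil_suspects(records):
    """records: iterable of (datetime, client_ip, qname).
    Returns sorted (client_ip, parent_domain) pairs that sent a burst of
    distinct high-entropy subdomains within one window outside business hours."""
    buckets = defaultdict(set)
    for ts, client, qname in records:
        sub, domain = split_qname(qname)
        if off_hours(ts) and shannon_entropy(sub) >= MIN_ENTROPY:
            window = int((ts - EPOCH).total_seconds()) // WINDOW_SECONDS
            buckets[(client, domain, window)].add(sub)
    return sorted({(c, d) for (c, d, _), subs in buckets.items()
                   if len(subs) >= MIN_UNIQUE_SUBDOMAINS})

def constructed_sample():
    """Constructed resolver log records, not real traffic."""
    alpha = "abcdefghijklmnopqrstuvwxyz234567"
    night = datetime(2024, 3, 6, 2, 15)    # Wednesday 02:15
    day = datetime(2024, 3, 6, 10, 0)      # Wednesday 10:00
    label = lambda i: (alpha[i:] + alpha[:i])[:24]  # 24 distinct chars
    recs = [(night + timedelta(seconds=i), "10.0.0.23", f"{label(i)}.tunnel.example") for i in range(30)]
    recs += [(day + timedelta(seconds=i), "10.0.0.40", f"{label(i)}.cdn.example") for i in range(30)]
    recs += [(night + timedelta(seconds=i), "10.0.0.51", "www.intranet.example") for i in range(30)]
    return recs
```

On the constructed records, only the host that sends 30 distinct high-entropy names in one night-time minute is returned; the daytime burst and the repeated low-entropy night-time lookups are not.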