SY0-701 Question #614: Real Exam Question with Answer & Explanation
The correct answer is C: Data exfiltration.
Question
A systems administrator is reviewing the VPN logs and notices that during non-working hours a user is accessing the company file server and information is being transferred to a suspicious IP address. Which of the following threats is most likely occurring?
Options
- A. Typosquatting
- B. Root or trust
- C. Data exfiltration
- D. Blackmail
Explanation
Data exfiltration (C) is correct because the scenario describes the classic pattern: unauthorized access during off-hours combined with outbound data transfer to an unknown external IP - this is the definition of data being stolen from the organization.
Why the distractors are wrong:
- A. Typosquatting - a social engineering technique where attackers register misspelled domain names to trick users into visiting fake sites; it has nothing to do with file server access or data transfer.
- B. Root or trust - not a standard threat category in this context; "trust" attacks relate to exploiting certificate or domain trust relationships, not VPN log anomalies.
- D. Blackmail - a potential consequence of a breach, but blackmail itself is not a technical threat observed in network logs; the logs show the data leaving, not a ransom demand.
Memory tip: Think of "exfiltration" as data fleeing the building - the prefix ex- means "out of." Whenever an exam question mentions data moving from internal systems to an external/unknown destination, that's your exfiltration signal.