After determining the alert was a true positive, which of the following represents the MOST likely cause?

Posted by: Pdfprep Category: CS0-001

A cybersecurity analyst has received an alert that well-known “call home” messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages.

After determining the alert was a true positive, which of the following represents the MOST likely cause?
A. Attackers are running reconnaissance on company resources.
B. An outside command and control system is attempting to reach an infected system.
C. An insider is trying to exfiltrate information to a remote network.
D. Malware is running on a company system.

Answer: B
