Which of the following can be inferred from this activity?

Posted by: Pdfprep Category: CS0-001 Tags: , , Post Date: November 8, 2020

An analyst identifies multiple instances of node-to-node communication between several endpoints within the 10.200.2.0/24 network and a user machine at the IP address 10.200.2.5. This user machine at the IP address 10.200.2.5 is also identified as initiating outbound communication during atypical business hours with several IP addresses that have recently appeared on threat feeds.

Which of the following can be inferred from this activity?
A . 10.200.2.0/24 is infected with ransomware.
B . 10.200.2.0/24 is not routable address space.
C . 10.200.2.5 is a rogue endpoint.
D . 10.200.2.5 is exfiltrating data.

Answer: D

Author

Leave a Reply

Your email address will not be published.