A security analyst receives alerts about an internal system sending a large amount of unusual DNS queries to systems on the internet over short periods of time during non-business hours. Which of the following is most likely occurring?
B. Data is being exfiltrated.
A large volume of DNS queries to external systems during non-business hours can indicate that data is being exfiltrated. Attackers often use DNS queries to covertly extract data from compromised systems, as DNS traffic is less likely to be scrutinized compared to other types of network traffic.
The scenario describes an internal system sending unusual and large amounts of DNS queries to external systems, especially during non-business hours. This behavior is indicative of data exfiltration, where an attacker tries to move data out of the network covertly.