Exam SY0-701 topic 1 question 409 discussion

Actual exam question from CompTIA's SY0-701
Question #: 409
Topic #: 1

A company suffered a critical incident where 30GB of data was exfiltrated from the corporate network. Which of the following actions is the most efficient way to identify where the system data was exfiltrated from and what location the attacker sent the data to?

  • A. Analyze firewall and network logs for large amounts of outbound traffic to external IP addresses or domains.
  • B. Analyze IPS and IDS logs to find the IP addresses used by the attacker for reconnaissance scans.
  • C. Analyze endpoint and application logs to see whether file-sharing programs were running on the company systems.
  • D. Analyze external vulnerability scans and automated reports to identify the systems the attacker could have exploited a remote code vulnerability.
Suggested Answer: A

Comments

9149f41
2 months, 3 weeks ago
Selected Answer: A
The question asks for: 1. The source of the data extracted. 2. The destination the data was exported to. Neither of the above points is possible with IPS, IDS, endpoint logs, or a vulnerability scan.
upvoted 3 times
AriGarcia
5 months ago
Selected Answer: A
To efficiently identify the source of exfiltrated data and the attacker's destination: Firewall and network logs are the best tools for analyzing outbound traffic. They can reveal unusual data transfers, such as large amounts of traffic sent to external IPs or domains that do not match typical business activity. This method is highly efficient for pinpointing the source system and the exfiltration destination.
upvoted 2 times
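
The triage described in answer A, as an added example that is not part of the original discussion: it sums outbound bytes per internal source and external destination from flow records and reports the pairs above a threshold. The five-field log format, the internal address ranges and the threshold are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the corporate address space. Anything outside it is "external".
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed sample flow records (not real data): time,src,dst,dst_port,bytes_out
SAMPLE_LOG = """\
2024-05-01T01:00:00Z,10.0.5.23,203.0.113.77,443,12000000000
2024-05-01T01:30:00Z,10.0.5.23,203.0.113.77,443,10000000000
2024-05-01T02:00:00Z,10.0.5.23,203.0.113.77,443,8000000000
2024-05-01T02:05:00Z,10.0.7.40,198.51.100.10,443,45000000
2024-05-01T02:10:00Z,10.0.5.23,10.0.9.8,445,50000000000
2024-05-01T02:15:00Z,10.0.8.12,198.51.100.10,443,900000000
malformed line without enough fields
"""

def is_internal(addr):
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def outbound_totals(log_text):
    """Sum bytes sent per (internal source, external destination) pair."""
    totals = defaultdict(int)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed records instead of aborting the triage
        _, src, dst, _, sent = row
        try:
            if is_internal(src) and not is_internal(dst):
                totals[(src, dst)] += int(sent)
        except ValueError:
            continue  # unparsable address or byte count
    return dict(totals)

def suspects(log_text, threshold_bytes):
    """Return pairs at or above the threshold, largest transfer first."""
    hits = [(pair, n) for pair, n in outbound_totals(log_text).items()
            if n >= threshold_bytes]
    return sorted(hits, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    for (src, dst), sent in suspects(SAMPLE_LOG, 10 * 1000**3):
        print(f"{src} -> {dst}: {sent / 1000**3:.1f} GB outbound")
```

Summing per pair rather than per record matters here: no single constructed record reaches 30 GB, but the three transfers from one host to one destination do, while the large internal-to-internal transfer is excluded.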