EC-Council: Computer Hacking Forensic Investigator (CHFI-V10)
Module 8 : Network Forensics
         



Question No 0


   
You are an information security analyst at a large pharmaceutical company. While performing a routine review of audit logs, you have noticed a significant amount of egress traffic to various IP addresses on destination port 22 during off-peak hours. You researched some of the IP addresses and found that many of them are in Eastern Europe. What is the most likely cause of this traffic?


 
A: Malicious software on internal system is downloading research data from partner SFTP servers in Eastern Europe
B: Internal systems are downloading automatic Windows updates
C: Data is being exfiltrated by an advanced persistent threat (APT)
D: The organization's primary internal DNS server has been compromised and is performing DNS zone transfers to malicious external entities
 
         

 
 




Community Comments:

Pradeep Thomas on 27/02/2024
Opted Answer: C
It is a confusing question as port 22 is the default port of SFTP. But the question is "significant amount of egress traffic to various IP addresses on destination port 22" and option A mentions "internal system is downloading research data from partner SFTP servers", i.e. source port may be 22. So the egress traffic could be the result of data exfiltration by an advanced persistent threat (APT) or unauthorized access.
















