As a security analyst at a financial institution, you notice an unexpected surge in outbound network traffic during off-hours, when the office is typically empty. While investigating, you uncover numerous connections to foreign IP addresses known to be outside your organization's normal communications. Which of the following is the MOST likely explanation for this traffic?
The correct answer is 'Data exfiltration attempts'. This scenario is indicative of potential unauthorized data transfer to external entities, often a sign of a compromised system where an attacker is extracting sensitive information. A significant increase in outbound traffic, particularly to foreign or unusual IP addresses during off-hours, is a common indicator of compromised systems involved in data exfiltration.
The incorrect options, 'Routine backup processes', 'Authorized remote employee access', and 'Network performance testing', can also cause traffic spikes, but they are less likely in this scenario given the unusual time and the connections to foreign IPs known to be outside normal communications. Those activities are typically planned, documented, and confined to known operational parameters (expected destinations, schedules, and volumes).
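The explanation above describes a heuristic (large outbound volume, off-hours, destinations outside the organization's normal communications) rather than a tool. The following is an added Python example, not part of the original question or answer, that turns that heuristic into a simple detection pass over flow records. The log lines, the internal range, the business-hours window, the `KNOWN_DESTINATIONS` allowlist and the byte threshold are all constructed assumptions; in practice they come from your own baseline.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample flow records (not real traffic).
# Format per line: <ISO timestamp> <src ip> <dst ip> <bytes sent by src>
SAMPLE_FLOWS = """\
2024-03-12T02:14:07 10.20.4.17 203.0.113.45 48000000
2024-03-12T02:15:31 10.20.4.17 203.0.113.45 52000000
2024-03-12T02:20:02 10.20.4.17 198.51.100.9 31000000
2024-03-12T03:02:11 10.20.7.3 192.0.2.10 1200000
2024-03-12T10:05:44 10.20.4.22 203.0.113.45 900000
2024-03-12T11:30:00 10.20.9.8 192.0.2.10 2500000
"""

# Assumed environment parameters (hypothetical; derive from your own baseline).
INTERNAL = ip_network("10.0.0.0/8")                 # the organization's address space
KNOWN_DESTINATIONS = [ip_network("192.0.2.0/24")]   # partners/SaaS normally contacted
BUSINESS_HOURS = range(8, 19)                       # 08:00-18:59 counts as office hours
BYTES_THRESHOLD = 25_000_000                        # off-hours outbound bytes per (src, dst) pair


def parse_flows(text):
    """Parse the simple whitespace-separated flow format into tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        flows.append((datetime.fromisoformat(ts), ip_address(src), ip_address(dst), int(nbytes)))
    return flows


def is_off_hours(ts):
    """True when the timestamp falls outside the assumed business-hours window."""
    return ts.hour not in BUSINESS_HOURS


def is_known_destination(ip):
    """True when the destination is inside a network the organization normally talks to."""
    return any(ip in net for net in KNOWN_DESTINATIONS)


def find_exfil_candidates(flows, threshold=BYTES_THRESHOLD):
    """Aggregate off-hours outbound bytes to unfamiliar external hosts, per (src, dst).

    Returns a dict {(src, dst): total_bytes} for pairs at or above the threshold.
    The three conditions mirror the indicators in the scenario: outbound from the
    internal range, outside office hours, and to a destination not on the allowlist.
    """
    totals = defaultdict(int)
    for ts, src, dst, nbytes in flows:
        outbound = src in INTERNAL and dst not in INTERNAL
        if outbound and is_off_hours(ts) and not is_known_destination(dst):
            totals[(str(src), str(dst))] += nbytes
    return {pair: total for pair, total in totals.items() if total >= threshold}


if __name__ == "__main__":
    for (src, dst), total in sorted(find_exfil_candidates(parse_flows(SAMPLE_FLOWS)).items()):
        print(f"ALERT off-hours outbound {src} -> {dst}: {total:,} bytes")
```

Run as-is, it flags only the 02:00 transfers from 10.20.4.17 to the two unfamiliar hosts; the 03:02 flow to 192.0.2.10 is dropped because that network is on the allowlist, and the daytime flows are dropped by the hours check. The aggregation by (source, destination) pair matters: exfiltration is often split into many modest connections, so per-flow thresholds miss what a per-pair total shows.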