During routine monitoring of network traffic, you notice a very large spike in outbound traffic on port 25 from a device within your organization that has no history of sending emails. Despite this anomaly, email services appear to be functioning normally for all users. What is the MOST likely explanation for this behavior?
The correct answer is Compromised system sending out spam. A spike in outbound traffic on port 25 (the port used for SMTP, i.e. email sending) from a device with no history of email activity is a common indicator of a compromised host being used to send spam or phishing emails. While an email service misconfiguration or a user sending bulk emails are also possibilities, they are less likely given the device's typical usage pattern and the fact that email services are operating normally for everyone else. The option Scheduled backup over SMTP does not make sense because SMTP is not a protocol used for backups.