Which of the following is a common network-based indicator of compromise (IOC) during a breach?


Multiple Choice


Explanation:
Breaches often reveal themselves through patterns in network traffic. Unusual outbound connections are a telltale network-based indicator of compromise because an attacker who gains a foothold usually has to reach external command-and-control (C2) infrastructure and, eventually, move stolen data out of the environment. Signals worth hunting for include destinations that are unfamiliar or unrelated to the organization's normal business, outbound use of new or uncommon ports, sudden spikes in outbound volume, connections at odd hours, and periodic "beaconing" (a host contacting the same external address at near-constant intervals, which is how many C2 implants check in). Firewall, proxy and DNS logs and NetFlow records exist precisely to surface such anomalies, provided you have a baseline of normal traffic to compare against; without that baseline, "unusual" is hard to define and alert fatigue follows.
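The checks described above, turned into a small detection routine as an added example (this is not code from the exam page). It runs over constructed NetFlow-style records and a hypothetical baseline (known external destinations, expected outbound ports, business hours, a bulk-transfer threshold) and flags each internal-to-external pair that is unfamiliar, uses an uncommon port, talks off-hours, moves a large volume, or beacons at a near-constant interval. Every IP address, port and threshold below is invented for illustration.

```python
"""Flag unusual outbound connections in NetFlow-style flow records.

Added example with constructed data and a hypothetical baseline; it is
not the original page's code. Record layout: (timestamp, src, dst, dst_port, bytes_out).
"""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed sample flows (one day, local time). Two benign web flows, one
# internal file-share transfer, a 5-minute beacon to an unknown host at
# 02:00, and a bulk transfer over SSH at 03:30.
SAMPLE_FLOWS = [
    ("2024-03-04T09:15:02", "10.0.1.23", "93.184.216.34", 443, 12_400),
    ("2024-03-04T09:16:11", "10.0.1.23", "93.184.216.34", 443, 9_800),
    ("2024-03-04T10:02:45", "10.0.1.40", "10.0.9.5", 445, 3_000_000),
    ("2024-03-04T02:00:00", "10.0.1.23", "198.51.100.77", 8443, 1_200),
    ("2024-03-04T02:05:00", "10.0.1.23", "198.51.100.77", 8443, 1_180),
    ("2024-03-04T02:10:00", "10.0.1.23", "198.51.100.77", 8443, 1_210),
    ("2024-03-04T02:15:00", "10.0.1.23", "198.51.100.77", 8443, 1_195),
    ("2024-03-04T03:30:00", "10.0.1.40", "203.0.113.9", 22, 950_000_000),
]

# Hypothetical baseline an analyst would derive from historical traffic.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
KNOWN_EXTERNAL_DSTS = {"93.184.216.34"}      # destinations seen routinely
EXPECTED_OUTBOUND_PORTS = {80, 443, 53}      # ports normal for this site
BUSINESS_HOURS = range(7, 20)                # 07:00 to 19:59
BULK_BYTES_THRESHOLD = 100_000_000           # 100 MB in a single flow
BEACON_MIN_FLOWS = 4                         # flows needed to call it a beacon
BEACON_MAX_JITTER_S = 30                     # allowed spread of check-in gaps


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def flag_flows(flows):
    """Return {(src, dst): [reasons]} for outbound flows that look anomalous.

    Only internal-to-external traffic is examined; east-west traffic between
    internal hosts is out of scope for this network-based IOC.
    """
    findings = defaultdict(list)
    times_by_pair = defaultdict(list)

    for ts, src, dst, port, nbytes in flows:
        if is_internal(dst):
            continue
        when = datetime.fromisoformat(ts)
        reasons = []
        if dst not in KNOWN_EXTERNAL_DSTS:
            reasons.append("unfamiliar destination")
        if port not in EXPECTED_OUTBOUND_PORTS:
            reasons.append(f"uncommon port {port}")
        if when.hour not in BUSINESS_HOURS:
            reasons.append(f"off-hours ({when.hour:02d}:00)")
        if nbytes >= BULK_BYTES_THRESHOLD:
            reasons.append(f"bulk transfer {nbytes} bytes")
        for reason in reasons:
            if reason not in findings[(src, dst)]:
                findings[(src, dst)].append(reason)
        times_by_pair[(src, dst)].append(when.timestamp())

    # Beaconing: enough flows to the same destination at near-constant gaps.
    for pair, times in times_by_pair.items():
        if len(times) < BEACON_MIN_FLOWS:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= BEACON_MAX_JITTER_S:
            findings[pair].append(f"beaconing every ~{round(mean(gaps))}s")

    return dict(findings)


if __name__ == "__main__":
    for (src, dst), reasons in flag_flows(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}: " + "; ".join(reasons))
```

Run as-is, it reports the 02:00 beacon to 198.51.100.77 (unfamiliar destination, port 8443, off-hours, 300-second check-ins) and the 03:30 950 MB transfer to 203.0.113.9, and stays silent about the daytime HTTPS flows and the internal SMB transfer. In production the baseline sets would come from weeks of NetFlow or proxy history rather than hard-coded constants, and a hit on any single rule is a lead to triage, not a confirmed breach.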

The other options describe problems that are not network-based signs of intrusion. Increased file read errors on workstations point to local disk or operating-system trouble rather than to external communication; normal DNS traffic patterns are, by definition, the absence of an anomaly and indicate nothing about compromise (though the absence of an alert is never proof of a clean environment); and frequent software license check failures belong to asset management or licensing, not to an external channel used for control or exfiltration.
