Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 357

How is ICMP used as an exfiltration technique?

Answer options

• A. by flooding the destination host with unreachable packets
• B. by sending large numbers of ICMP packets with a targeted hosts source IP address using an IP broadcast address
• C. by encrypting the payload in an ICMP packet to carry out command and control tasks on a compromised host
• D. by overwhelming a targeted host with ICMP echo-request packets

Correct answer: C

Explanation

The correct answer is C because it describes how encrypted payloads in ICMP packets can facilitate command and control for compromised systems. Options A and D refer to denial-of-service tactics rather than exfiltration, while B inaccurately describes a method not typically associated with exfiltration techniques.