CompTIA CySA+ (CS0-001) — Question 251

A security analyst begins to notice the CPU utilization from a sinkhole has begun to spike. Which of the following describes what may be occurring?

Answer options

• A. Someone has logged on to the sinkhole and is using the device.
• B. The sinkhole has begun blocking suspect or malicious traffic.
• C. The sinkhole has begun rerouting unauthorized traffic.
• D. Something is controlling the sinkhole and causing CPU spikes due to malicious utilization.

Correct answer: C

Explanation

The correct answer is C, as a spike in CPU utilization may suggest that the sinkhole is actively rerouting unauthorized traffic, which can consume resources. Option A is incorrect because user access would not typically cause such spikes. Option B is not accurate as blocking traffic generally reduces CPU usage, and option D suggests malicious control, which is less likely than active rerouting.