CompTIA CySA+ (CS0-001) — Question 35
A cybersecurity analyst has received an alert that well-known "call home" messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages. After determining the alert was a true positive, which of the following represents the MOST likely cause?
Answer options
- A. Attackers are running reconnaissance on company resources.
- B. An outside command and control system is attempting to reach an infected system.
- C. An insider is trying to exfiltrate information to a remote network.
- D. Malware is running on a company system.
Correct answer: B
Explanation
The correct answer is B because "call home" messages are typical indicators of communication attempts from a command and control server to a compromised system. Option A is incorrect, as reconnaissance typically involves passive scanning rather than active communication. Option C does not apply, as it suggests insider threat behavior, which is less likely in this context. Option D, while plausible, does not specifically address the nature of the outbound communication observed.