CompTIA CySA+ (CS0-001) — Question 48

A security analyst is conducting traffic analysis and observes an HTTP POST to the company's main web server. The POST header is approximately 1000 bytes in length. During transmission, one byte is delivered every ten seconds. Which of the following attacks is the traffic indicative of?

Answer options

Correct answer: A

Explanation

The scenario describes a slow transmission of data, which is characteristic of an exfiltration attack where sensitive data is being stealthily sent out over time. None of the other options align with the slow, deliberate data transfer observed here: a DoS attack typically involves overwhelming a server with traffic, a buffer overflow attack targets vulnerabilities in software, and SQL injection is aimed at manipulating database queries.