CompTIA CySA+ (CS0-003) — Question 151

A SOC analyst is analyzing traffic on a network and notices an unauthorized scan. Which of the following types of activities is being observed?

Answer options

• A. Potential precursor to an attack
• B. Unauthorized peer-to-peer communication
• C. Rogue device on the network
• D. System updates.

Correct answer: A

Explanation

The correct answer is A because an unauthorized scan typically indicates that someone is probing the network for vulnerabilities, which can be a precursor to a potential attack. Options B and C refer to different unauthorized activities, while D pertains to legitimate system maintenance, not malicious scanning.