CompTIA CySA+ (CS0-003) — Question 157
A security analyst observed the following activities in chronological order:
1. Protocol violation alerts on external firewall
2. Unauthorized internal scanning activity
3. Changes in outbound network performance
Which of the following best describes the goal of the threat actor?
Answer options
- A. Data exfiltration
- B. Unusual traffic spikes
- C. Rogue devices
- D. Irregular peer-to-peer communication
Correct answer: A
Explanation
The correct answer is A: taken in order, the sequence indicates attempts to breach security and extract sensitive information. The protocol violations and unauthorized internal scanning suggest a focus on obtaining data, while the changes in outbound network performance could imply that data is being transmitted out. The other options do not align as closely with the observed activities.