CompTIA CySA+ (CS0-003) — Question 417
A network analyst notices a long spike in traffic on port 1433 between two IP addresses on opposite sides of a WAN connection. Which of the following is the most likely cause?
Answer options
- A. A local red team member is enumerating the local RFC1918 segment to enumerate hosts
- B. A threat actor has a foothold on the network and is sending out control beacons
- C. An administrator executed a new database replication process without notifying the SOC
- D. An insider threat actor is running Responder on the local segment, creating traffic replication
Correct answer: C
Explanation
The correct answer is C because TCP port 1433 is the default listener port for Microsoft SQL Server, and a sustained, high-volume flow on that port between two hosts on opposite sides of a WAN link is consistent with a SQL Server database replication job between sites. The other options describe activity that would not produce this traffic pattern: enumerating a local RFC1918 segment and running Responder both generate traffic confined to the local segment rather than across a WAN, and control beacons are typically small, periodic connections rather than a long spike in volume. The scenario is a process-failure, not an attack: the administrator should have notified the SOC before starting the replication.