CompTIA CySA+ (CS0-003) — Question 435

A cybersecurity analyst is reviewing SIEM logs and observes consistent requests originating from an internal host to a blocklisted external server. Which of the following best describes the activity that is taking place?

Answer options

• A. Data exfiltration
• B. Rogue device
• C. Scanning
• D. Beaconing

Correct answer: D

Explanation

The correct answer is D, as beaconing refers to a device sending out periodic signals to communicate with an external server, often for command and control purposes. Option A, data exfiltration, involves transferring data out of a network, which is not explicitly indicated here. Option B, rogue device, suggests an unauthorized device on the network, but the question specifies an internal host. Option C, scanning, typically involves probing for vulnerabilities rather than consistent requests.