CompTIA CySA+ (CS0-003) — Question 437
A security analyst at a company called ACME Commercial notices there is outbound traffic to a host IP that resolves to https://office365password.acme.co. The site’s standard VPN logon page is www.acme.com/logon. Which of the following is most likely true?
Answer options
- A. This is a normal password change URL.
- B. The security operations center is performing a routine password audit.
- C. A new VPN gateway has been deployed.
- D. A social engineering attack is underway.
Correct answer: D
Explanation
The correct answer is D. The hostname office365password.acme.co sits under acme.co, not the acme.com domain used by the company’s standard logon page, and its name imitates a password page. This points to a phishing attempt: users are led to believe they are changing their password when they are actually being targeted for sensitive information. Options A, B, and C are incorrect because they describe legitimate activities that do not align with the suspicious nature of the traffic to this unusual URL.