CompTIA CySA+ (CS0-003) — Question 490

A systems administrator is reviewing after-hours traffic flows from data-center servers and sees regular outgoing HTTPS connections from one of the servers to a public IP address. The server should not be making outgoing connections after hours. Looking closer, the administrator sees this traffic pattern around the clock during work hours as well. Which of the following is the most likely explanation?

Answer options

• A. C2 beaconing activity
• B. Data exfiltration
• C. Anomalous activity on unexpected ports
• D. Network host IP address scanning
• E. A rogue network device

Correct answer: A

Explanation

The correct answer is A, as C2 (Command and Control) beaconing indicates that the server is likely communicating with a remote attacker’s server, which could explain the consistent outgoing HTTPS connections. Options B, C, D, and E are less likely because they describe different types of network issues that do not specifically match the pattern of regular outbound connections seen here.