CompTIA CySA+ (CS0-003) — Question 53
After completing a review of network activity, the threat hunting team discovers a device on the network that sends an outbound email via a mail client to a non-company email address daily at 10:00 p.m. Which of the following is potentially occurring?
Answer options
- A. Irregular peer-to-peer communication
- B. Rogue device on the network
- C. Abnormal OS process behavior
- D. Data exfiltration
Correct answer: D
Explanation
The correct answer is D: a daily outbound email to a non-company address suggests that sensitive data may be leaving the organization without authorization. Option A is incorrect because the scenario describes email sent through a mail client, which peer-to-peer communication does not account for. Option B is not the best choice because a device is not necessarily rogue simply because it sends email. Option C does not apply because the scenario focuses on email activity rather than OS process behavior.