CompTIA Security+ (SY0-701) — Question 442

A systems administrator is reviewing the VPN logs and notices that during non-working hours a user is accessing the company file server and information is being transferred to a suspicious IP address. Which of the following threats is most likely occurring?

Answer options

• A. Typosquatting
• B. Root or trust
• C. Data exfiltration
• D. Blackmail

Correct answer: C

Explanation

The correct answer is C, Data exfiltration, as it involves unauthorized transfer of data to an external location, which aligns with the observed activity. Options A, B, and D do not fit the scenario, as typosquatting relates to fraudulent domain names, root or trust does not pertain to unauthorized data access, and blackmail involves coercion rather than unauthorized data transfer.