Certified SOC Analyst (CSA) — Question 60

Juliea a SOC analyst, while monitoring logs, noticed large TXT, NULL payloads.
What does this indicate?

Answer options

• A. Concurrent VPN Connections Attempt
• B. DNS Exfiltration Attempt
• C. Covering Tracks Attempt
• D. DHCP Starvation Attempt

Correct answer: B

Explanation

The presence of large TXT and NULL payloads typically points to DNS exfiltration attempts, as attackers may use these methods to send data through DNS queries. The other options do not align with the specific characteristics of the observed payloads and would indicate different types of network activities.