Certified Information Systems Security Professional (CISSP) — Question 163
A security operations center (SOC) discovers a recently deployed router beaconing to a malicious website. Replacing the router fixes the issue. What is the MOST likely cause of the router’s behavior?
Answer options
- A. The network administrator failed to reconfigure the router’s access control list (ACL).
- B. The router was damaged during shipping or installed incorrectly.
- C. The router was counterfeit and acquired through unauthorized channels.
- D. The network administrator failed to update the router’s firmware.
Correct answer: C
Explanation
The correct answer is C. Counterfeit routers often come with compromised firmware, which can lead to malicious behavior such as beaconing to harmful sites. The router was recently deployed and replacing it fixed the issue, which points to the device itself. Options A and D are less likely because they describe a misconfiguration and outdated firmware, neither of which would necessarily cause immediate beaconing. Option B is also unlikely because physical damage during shipping usually leads to non-functionality rather than specific malicious behavior.