Splunk Observability Cloud Certified Metrics User — Question 16
An analyst notices that one of their servers is sending an unusually large amount of traffic, gigabytes more than normal, to a single system on the Internet. There doesn’t seem to be any associated increase in incoming traffic.
What type of threat actor activity might this represent?
Answer options
- A. Data exfiltration
- B. Network reconnaissance
- C. Data infiltration
- D. Lateral movement
Correct answer: A
Explanation
The correct answer is A, Data exfiltration: the large volume of outbound traffic to a single system on the Internet, with no associated increase in incoming traffic, indicates that data may be leaving the network without authorization. Options B, C, and D do not fit the scenario. Network reconnaissance involves gathering information, data infiltration is about unauthorized data entry, and lateral movement refers to navigating within a network; none of these explains the observed outbound traffic pattern.