Question 112 of 160 from exam CS0-002: CompTIA CySA+

Question

An organization was alerted to a possible compromise after its proprietary data was found for sale on the Internet.

An analyst is reviewing the logs from the next-generation UTM in an attempt to find evidence of this breach.

Given the following output:

| Src IP | Src DNS | Dst IP | Dst DNS | Port | Application |
|---|---|---|---|---|---|
| 10.50.50.121 | 83hht23.org-int.org | 8.8.8.8 | google-public-dns-a.google.com | 53 | DNS |
| 20.50.50.121 | 83hht23.org-int.org | 77.88.55.66 | yandex.ru | 443 | HTTPS |
| 172.16.52.20 | webserver.org-dmz.org | 131.52.88.45 | -- | 53 | DNS |
| 20.100.10.45 | appserver.org-int.org | 69.134.21.90 | repo.its.utk.edu | 21 | FTP |
| 172.16.52.20 | webserver.org-dmz.org | 131.52.88.45 | -- | 10999 | HTTPS |
| 172.16.52.100 | sftp.org-dmz.org | 62.30.221.56 | ftps.bluemed.net | 42991 | SSH |
| 172.16.52.20 | webserver.org-dmz.org | 131.52.88.45 | -- | 10999 | HTTPS |

Which of the following should be the focus of the investigation?

Answers

Explanations

A. B. C. D.

A.