Threat Analysis: Large-Scale Unauthorized File Transfers | CAS-004 Exam | CompTIA CASP+

Large-Scale Unauthorized File Transfers

Question

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months.

This activity then stopped.

The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.

The technician will define this threat as:

Answers

Explanations


https://www.internetsociety.org/deploy360/tls/basics/

Based on the given scenario, the technician is reviewing logs and notices that a large number of files were transferred to remote sites over the course of three months, and this activity has stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites. The technician needs to define this threat.

Option A, decrypting RSA using obsolete and weakened encryption, is not the correct answer. RSA is an encryption algorithm that is still commonly used today, and the scenario does not state that RSA was used, or that the encryption was weakened or obsolete.

Option B, a zero-day attack, is also not the correct answer. A zero-day attack is an attack that exploits a vulnerability that is unknown to the software vendor and has not been patched. There is no mention of a vulnerability being exploited in the scenario.

Option C, an advanced persistent threat (APT), describes a targeted attack that is typically carried out over a long period of time by an adversary with advanced capabilities. This option is a possibility since the file transfers occurred over a three-month period and then stopped suddenly. However, there is not enough information in the scenario to definitively say that this is an APT.

Option D, an on-path attack, is not the correct answer. An on-path attack, also known as a man-in-the-middle attack, involves intercepting and altering communications between two parties. There is no indication in the scenario that communications were intercepted or altered.

Based on the given scenario, the best answer would be C, an advanced persistent threat. This option fits the description of a targeted attack that occurred over a long period of time and suddenly stopped. The fact that files were transferred from systems that do not send traffic to those sites indicates that the attackers had access to those systems and were able to use them for their purposes. The use of TLS-protected HTTP sessions indicates that the attackers were using encryption to conceal their activities.
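The indicators the explanation relies on (hosts sending TLS traffic to destinations they never contacted before, large volumes, activity spread over months) can be turned into a simple log review. The following is an added example, not part of the exam page: it compares a baseline period against a review period using a constructed proxy-log format (date, source host, destination, port, bytes sent) and flags new destinations that received more than a threshold of data.

```python
# Added example: flag hosts that send large volumes of TLS traffic to destinations
# they never contacted during a baseline period. The log format, host names and
# destinations below are constructed for this example, not taken from any product.
from collections import defaultdict
from datetime import date

# Constructed baseline logs: normal destinations for each host.
BASELINE_LOGS = [
    "2023-01-05 ws-finance-07 intranet.example.local 443 12000",
    "2023-01-06 ws-finance-07 crm.example.local 443 8000",
    "2023-01-06 ws-hr-02 intranet.example.local 443 5000",
]
# Constructed review logs: one host repeatedly pushes large uploads to a new site.
REVIEW_LOGS = [
    "2023-02-01 ws-finance-07 intranet.example.local 443 11000",
    "2023-02-01 ws-finance-07 files.example-drop.net 443 52000000",
    "2023-03-15 ws-finance-07 files.example-drop.net 443 61000000",
    "2023-04-20 ws-finance-07 files.example-drop.net 443 48000000",
    "2023-02-02 ws-hr-02 intranet.example.local 443 4000",
    "2023-02-03 ws-hr-02 files.example-drop.net 443 900",
]

def parse(lines):
    """Yield (date, host, destination, port, bytes_sent) from one log line each."""
    for line in lines:
        day, host, dest, port, sent = line.split()
        yield date.fromisoformat(day), host, dest, int(port), int(sent)

def baseline_destinations(lines):
    """Map each host to the set of destinations it contacted during the baseline."""
    seen = defaultdict(set)
    for _, host, dest, _, _ in parse(lines):
        seen[host].add(dest)
    return seen

def find_anomalous_transfers(baseline_lines, review_lines, min_bytes=10_000_000):
    """Return {(host, dest): {bytes, first, last, days}} for TLS (443) uploads to
    destinations absent from the host's baseline, totalling at least min_bytes."""
    known = baseline_destinations(baseline_lines)
    totals = defaultdict(lambda: {"bytes": 0, "first": None, "last": None})
    for day, host, dest, port, sent in parse(review_lines):
        if port != 443 or dest in known[host]:
            continue  # only TLS sessions to destinations the host never used before
        entry = totals[(host, dest)]
        entry["bytes"] += sent
        entry["first"] = day if entry["first"] is None else min(entry["first"], day)
        entry["last"] = day if entry["last"] is None else max(entry["last"], day)
    # Keep only sustained, high-volume transfers; "days" shows how long it ran.
    return {key: {**v, "days": (v["last"] - v["first"]).days}
            for key, v in totals.items() if v["bytes"] >= min_bytes}
```

Running `find_anomalous_transfers(BASELINE_LOGS, REVIEW_LOGS)` on the constructed data reports only ws-finance-07 and its new destination, with the total volume and the 78-day span of activity; the small one-off connection from ws-hr-02 falls below the threshold.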