A cybersecurity analyst has received an alert that well-known “call home” messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages. After determining the alert was a true positive, which of the following represents the MOST likely cause?

A. Attackers are running reconnaissance on company resources.
B. Commands are attempting to reach a system infected with a botnet trojan.
C. An insider is trying to exfiltrate information to a remote network.
D. Malware is running on a company system.
Explanation:
‘Call home’ commands are sent from a system infected with malware to the CnC server.
Maybe ‘D’ is the better answer, but please correct me if I’m wrong.
1
0
It’s B. The key thing to remember is that while a botnet trojan is by definition malware, the fact that its actions are described as “calling home” is the key to getting it right. Malware by itself as a description without the additional description of “calling home” but instead somehow described as “deliberately alter the computer’s operations” would mean D would be the better answer.
2
3