CompTIA Security Plus Mock Test Q626

A system security analyst using an enterprise monitoring tool notices an unknown internal host exfiltrating files to several foreign IP addresses. Which of the following would be an appropriate mitigation technique?

A. Disabling unnecessary accounts
B. Rogue machine detection
C. Encrypting sensitive files
D. Implementing antivirus


Correct Answer: B
Section: Threats and Vulnerabilities

Explanation:
Rogue machine detection is the process of detecting devices on the network that should not be there. If a user brings in a laptop and plugs it into the network, the laptop is a “rogue machine”. The laptop could cause problems on the network. Any device on the network that should not be there is classed as rogue.

Incorrect Answers:
A: The question states, “unknown internal host”. This host is a hardware device (most likely a computer), not a person. Therefore disabling accounts will not prevent an unknown internal host exfiltrating files to several foreign IP addresses.
B: This question is about an unknown internal host (most likely a computer) exfiltrating files to several foreign IP addresses. Encrypting files stored disk will not prevent the files being sent.
D: This question is about an unknown internal host (most likely a computer) exfiltrating files to several foreign IP addresses. This question is not about a known host with a virus. Therefore implementing antivirus will not solve the problem.