CAS-005 · Security Operations · Difficulty: hard · Question 3 of 22

A threat hunting team discovers beaconing behavior in network logs: an internal host makes outbound HTTPS connections to the same external IP every 300 seconds with nearly identical payload sizes. Endpoint protection did not trigger any alerts. Which combination of threat hunting tools and techniques is MOST appropriate to investigate further?

A. Run a CVSS score lookup for the destination IP and check the CVE database for known vulnerabilities
B. Correlate the beaconing host's process execution logs with network connection events in the SIEM, extract the communicating process, and submit any associated executables to a malware sandbox for IoC extraction
C. Block the destination IP at the firewall and close the investigation
D. Review the SSL certificate on the destination IP using a web browser
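The two analytic steps the scenario turns on, testing a host-to-IP connection series for a fixed period and near-constant payload size and then joining the flagged pair to process-execution events on the same host, shown as an added Python example. This code is not part of the original question page; every log record, hostname, IP, file path, PID and threshold in it is constructed for illustration, and the 300-second interval is taken from the stem.

```python
"""Beacon detection over constructed connection logs, followed by correlation
with constructed process-execution events. Added example; no real data."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed connection log records: (timestamp, src_host, dst_ip, bytes_out).
# wks-17 -> 203.0.113.10 connects every 300 s with payloads of 1408..1410 bytes;
# the other two pairs are irregular browsing noise.
BASE = datetime(2024, 1, 1, 9, 0, 0)
CONN_LOG = [
    (BASE + timedelta(seconds=300 * i), "wks-17", "203.0.113.10", 1408 + (i % 3))
    for i in range(8)
] + [
    (BASE + timedelta(seconds=s), "wks-17", "198.51.100.25", b)
    for s, b in [(12, 920), (41, 5210), (95, 334), (700, 12000), (1400, 78)]
] + [
    (BASE + timedelta(seconds=s), "wks-04", "203.0.113.10", b)
    for s, b in [(30, 2100), (1300, 640)]
]

# Constructed process-execution events: (timestamp, host, pid, image path).
PROC_LOG = [
    (BASE - timedelta(minutes=2), "wks-17", 4120,
     r"C:\Users\alice\AppData\Local\Temp\unknown_agent.exe"),  # constructed path
    (BASE + timedelta(seconds=5), "wks-17", 3301,
     r"C:\Program Files\Browser\browser.exe"),                 # constructed path
    (BASE + timedelta(seconds=1000), "wks-04", 2210,
     r"C:\Windows\System32\svchost.exe"),
]


def coefficient_of_variation(values):
    """Relative spread of a sample; 0.0 means perfectly regular."""
    m = mean(values)
    return pstdev(values) / m if m else 0.0


def find_beacons(conn_log, min_conns=5, max_cv=0.1):
    """Group connections by (src, dst) and flag pairs whose inter-arrival
    times AND payload sizes are both nearly constant (low relative spread).
    min_conns guards against flagging a pair seen only a handful of times."""
    pairs = defaultdict(list)
    for ts, src, dst, nbytes in conn_log:
        pairs[(src, dst)].append((ts, nbytes))
    beacons = []
    for (src, dst), events in pairs.items():
        if len(events) < min_conns:
            continue
        events.sort()
        intervals = [(b[0] - a[0]).total_seconds()
                     for a, b in zip(events, events[1:])]
        sizes = [nbytes for _, nbytes in events]
        if (coefficient_of_variation(intervals) <= max_cv
                and coefficient_of_variation(sizes) <= max_cv):
            beacons.append({"src": src, "dst": dst, "count": len(events),
                            "interval_s": round(mean(intervals)),
                            "mean_bytes": round(mean(sizes))})
    return beacons


def correlate_process(beacon, conn_log, proc_log, window_s=600):
    """Return the process-execution event on the beaconing host that most
    recently preceded the first beacon connection, within window_s seconds.
    In a SIEM this is the join on host + time window between the two sources;
    the returned image path is what would go to the sandbox next."""
    first_ts = min(ts for ts, src, dst, _ in conn_log
                   if src == beacon["src"] and dst == beacon["dst"])
    candidates = [(ts, pid, image) for ts, host, pid, image in proc_log
                  if host == beacon["src"]
                  and 0 <= (first_ts - ts).total_seconds() <= window_s]
    if not candidates:
        return None
    ts, pid, image = max(candidates)  # latest start before the first beacon
    return {"pid": pid, "image": image, "started": ts.isoformat()}


if __name__ == "__main__":
    for beacon in find_beacons(CONN_LOG):
        print("beacon:", beacon)
        print("candidate process:", correlate_process(beacon, CONN_LOG, PROC_LOG))
```

On the constructed data only the wks-17 to 203.0.113.10 pair survives both spread tests (interval spread is exactly zero, size spread is under 0.1 %), and the time-window join names the process started two minutes before the first connection as the candidate to pull for sandboxing. The thresholds are starting points: real beacons add jitter to the interval, so a looser `max_cv` or a percentile-based test is usually needed, and the process join should fall back to the connection-time window of every beacon, not just the first, when process-start logging is incomplete.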

Educational Content — CertQnA practice questions are written against official exam objectives, covering the same domains tested on the real exam. All content is original and independent — not actual exam questions, not affiliated with any certification vendor.
