A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.

The technician will define this threat as:
A . a decrypting RSA using obsolete and weakened encryption attack.
B . a zero-day attack.
C . an advanced persistent threat.
D . an on-path attack.

View Answer

Answer: C

Explanation:

Reference: https://www.internetsociety.org/deploy360/tls/basics/

An advanced persistent threat (APT) is a type of cyberattack that involves a stealthy and continuous process of compromising and exploiting a target system or network. An APT typically has a specific goal or objective, such as stealing sensitive data, disrupting operations, or sabotaging infrastructure. An APT can use various techniques to evade detection and maintain persistence, such as encryption, proxy servers, malware, etc. The scenario described in the question matches the characteristics of an APT.

Reference:

https://www.cisco.com/c/en/us/products/security/what-is-apt.html

https://www.imperva.com/learn/application-security/advanced-persistent-threat-apt/