
CompTIA CS0-003: What is the Likely Goal of Threat Actor Based on Observed Network Activities?

Learn how to analyze a series of suspicious network activities to determine a threat actor’s likely objective. Prepare for the CompTIA CS0-003 certification exam with this sample question.


Question

A security analyst observed the following activities in chronological order:

  1. Protocol violation alerts on external firewall
  2. Unauthorized internal scanning activity
  3. Changes in outbound network performance

Which of the following best describes the goal of the threat actor?

A. Data exfiltration
B. Unusual traffic spikes
C. Rogue devices
D. Irregular peer-to-peer communication

Answer

The sequence of activities observed by the security analyst strongly suggests that the threat actor’s goal is data exfiltration (Option A).

Explanation

Here’s why:

  1. Protocol violation alerts on the external firewall indicate that the attacker may have compromised the network perimeter and gained initial access to the internal network.
  2. Unauthorized internal scanning activity suggests that the attacker is actively exploring the compromised network, likely in search of sensitive data or high-value targets. This reconnaissance phase is a common precursor to data exfiltration.
  3. Changes in outbound network performance imply that the attacker is transferring a significant amount of data out of the network, which is a clear sign of data exfiltration in progress.

The other options do not accurately describe the attacker’s likely goal based on the given information:

  • Unusual traffic spikes (Option B) may be a side effect of the attacker’s activities but do not represent the primary objective.
  • Rogue devices (Option C) could be used as part of the attack process, but their presence alone does not indicate the attacker’s end goal.
  • Irregular peer-to-peer communication (Option D) is not directly related to the observed activities and is unlikely to be the attacker’s main objective.

In summary, the chronological order of the observed activities – from initial compromise to internal reconnaissance and culminating in outbound data transfer – strongly points to data exfiltration as the threat actor’s primary goal.
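The reasoning above is essentially a chronological correlation rule: the three observations only point to exfiltration when they occur in that order for the same host. The following is an added example (not part of the original page) that applies that rule to a constructed alert stream; the event type names, hosts and timestamps are assumed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not from the original page): ISO timestamp, internal host, alert type.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", "10.0.5.20", "fw_protocol_violation"),
    ("2024-05-01T09:20:00", "10.0.5.20", "internal_scan"),
    ("2024-05-01T10:05:00", "10.0.5.20", "outbound_volume_anomaly"),
    ("2024-05-01T11:00:00", "10.0.7.31", "internal_scan"),
    ("2024-05-01T11:30:00", "10.0.7.31", "fw_protocol_violation"),
    ("2024-05-02T08:00:00", "10.0.9.12", "outbound_volume_anomaly"),
]

# The three observations from the question, in the order the explanation says they must occur.
STAGES = ("fw_protocol_violation", "internal_scan", "outbound_volume_anomaly")


def stage_timestamps(seq):
    """Walk a host's time-ordered alerts and record when each successive stage is first reached.

    An alert only counts if it is the *next* expected stage, so a scan seen before any
    perimeter violation does not advance the chain (the order matters, not just the set).
    """
    reached = []
    for ts, kind in seq:
        if len(reached) < len(STAGES) and kind == STAGES[len(reached)]:
            reached.append(ts)
    return reached


def assess(events, window=timedelta(hours=24)):
    """Return {host: (stages_reached, likely_exfiltration)} for every host in the alert stream."""
    by_host = defaultdict(list)
    for ts, host, kind in sorted(events):          # ISO-8601 strings sort chronologically
        by_host[host].append((datetime.fromisoformat(ts), kind))
    verdict = {}
    for host, seq in by_host.items():
        reached = stage_timestamps(seq)
        complete = len(reached) == len(STAGES)
        # Only flag when the whole chain completed within the correlation window.
        in_window = complete and (reached[-1] - reached[0]) <= window
        verdict[host] = (len(reached), in_window)
    return verdict


if __name__ == "__main__":
    for host, (n, flagged) in assess(SAMPLE_EVENTS).items():
        print(f"{host}: {n}/{len(STAGES)} stages, likely exfiltration: {flagged}")
```

Only 10.0.5.20 is flagged; 10.0.7.31 shows two of the same alert types but in the wrong order, which is why the page stresses the chronological sequence rather than the individual alerts.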

CompTIA CS0-003 certification exam assessment practice question and answer (Q&A) dump, including multiple choice questions (MCQ) and objective type questions, with detailed explanation and reference, available free and helpful to pass the CompTIA CS0-003 exam and earn CompTIA CS0-003 certification.