What is an advanced persistent threat (APT) and how does it manifest as long-term, stealthy data exfiltration and persistence? Learn to recognize APT characteristics and stages—critical for CompTIA Security+ (Plus) SY0-701 exam success.
Question
An organization detects unusual outbound traffic, long-term data exfiltration, and persistence mechanisms over several months. What best describes this attack?
A. Zero-day attack
B. Man-in-the-browser attack
C. Advanced Persistent Threat (APT)
D. Drive-by download
E. Worm infection
Answer
C. Advanced Persistent Threat (APT)
Explanation
APTs are stealthy, long-term intrusions often linked to nation-state actors.
The attack described—characterized by unusual outbound traffic, long-term data exfiltration, and persistence mechanisms over several months—is best defined as an Advanced Persistent Threat (APT).
Advanced Persistent Threats (APTs) are sophisticated, targeted cyberattacks where threat actors infiltrate a network and maintain an undetected presence for extended periods, often months or years.
APTs are distinguished by their persistence and stealth. Attackers use advanced techniques to avoid detection, establish multiple backdoors, and continuously monitor the environment to exfiltrate sensitive data.
Typical APT lifecycle stages include:
- Infiltration: Gaining access through spear-phishing, exploiting vulnerabilities, or social engineering.
- Establishing Persistence: Installing backdoors or malware to maintain long-term access, often using sophisticated evasion techniques.
- Lateral Movement: Expanding access across the network, escalating privileges, and mapping out valuable assets.
- Data Exfiltration: Stealthily collecting and transferring sensitive data out of the organization over time, often using encrypted or covert channels.
APTs are commonly associated with nation-state actors or well-funded criminal groups, targeting high-value organizations for espionage, financial gain, or sabotage.
The combination of unusual outbound traffic, sustained data theft, and persistent attacker footholds is a classic indicator of an APT; that profile is not typical of short-term or opportunistic attacks.
APTs are stealthy, long-term intrusions that leverage persistence and advanced techniques to exfiltrate data over extended periods, often evading detection for months or years.
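The indicators named in this explanation (outbound traffic to an unusual destination, repeated over many days, from a foothold that keeps coming back) are exactly what a defender can hunt for in flow or proxy logs. The script below is an added example written for this page, not part of the original question or of any CompTIA material. It assumes a simplified, constructed log format of `date time src_ip dst_ip bytes_out` per line, and the sample lines are synthetic. It flags a source/destination pair as a candidate "low-and-slow" exfiltration channel when the pair is active on many distinct days across a long span, the destination is contacted by very few internal hosts, and the daily volume is steady rather than bursty. The thresholds are illustrative assumptions and would be tuned to a real environment.

```python
"""Hunt for persistent, low-volume outbound transfers in flow-style logs.

Added example for illustration only. Log format is an assumption:
    YYYY-MM-DD HH:MM src_ip dst_ip bytes_out
All sample lines below are constructed, not real traffic.
"""
from collections import defaultdict
from datetime import date
from statistics import mean, pstdev

# Constructed sample: one host drips ~50 KB to a rare external address for
# months; several hosts talk to a shared CDN; one host makes a single large
# one-off upload. Only the first pattern should be reported.
CONSTRUCTED_LOG = """\
2024-01-03 02:14 10.0.0.12 203.0.113.77 48120
2024-01-09 02:11 10.0.0.12 203.0.113.77 51300
2024-01-10 09:30 10.0.0.5  198.51.100.5 1200340
2024-01-11 10:02 10.0.0.8  198.51.100.5 88210
2024-01-12 14:45 10.0.0.21 198.51.100.5 5600
2024-01-12 15:10 10.0.0.12 198.51.100.5 402300
2024-01-16 02:19 10.0.0.12 203.0.113.77 49870
2024-01-24 02:09 10.0.0.12 203.0.113.77 50410
2024-02-01 02:16 10.0.0.12 203.0.113.77 47990
2024-02-08 02:12 10.0.0.12 203.0.113.77 52260
2024-02-14 11:20 10.0.0.33 192.0.2.9    2147483648
2024-02-15 02:15 10.0.0.12 203.0.113.77 49120
2024-02-22 02:13 10.0.0.12 203.0.113.77 50880
2024-03-01 02:18 10.0.0.12 203.0.113.77 48730
2024-03-10 02:10 10.0.0.12 203.0.113.77 51040
2024-03-20 02:17 10.0.0.12 203.0.113.77 49560
"""


def parse_log(text):
    """Parse the assumed format into (day, src, dst, bytes_out) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        day, _clock, src, dst, nbytes = line.split()
        records.append((date.fromisoformat(day), src, dst, int(nbytes)))
    return records


def detect_persistent_exfil(text, min_days=7, min_span_days=30,
                            max_sources=2, max_cv=0.5):
    """Return src/dst pairs whose outbound traffic looks like a slow, steady
    channel to a rare destination. Thresholds are illustrative assumptions:
      min_days      - distinct active days required
      min_span_days - days between first and last activity
      max_sources   - how many internal hosts may share the destination
      max_cv        - max coefficient of variation of daily volume (steadiness)
    """
    records = parse_log(text)
    per_pair = defaultdict(lambda: defaultdict(int))   # (src, dst) -> day -> bytes
    sources_per_dst = defaultdict(set)                  # dst -> {src, ...}
    for day, src, dst, nbytes in records:
        per_pair[(src, dst)][day] += nbytes
        sources_per_dst[dst].add(src)

    findings = []
    for (src, dst), by_day in per_pair.items():
        days = sorted(by_day)
        if len(days) < min_days:                       # too few active days
            continue
        span = (days[-1] - days[0]).days
        if span < min_span_days:                       # not long-lived
            continue
        if len(sources_per_dst[dst]) > max_sources:    # popular destination
            continue
        volumes = [by_day[d] for d in days]
        avg = mean(volumes)
        cv = pstdev(volumes) / avg if avg else 0.0
        if cv > max_cv:                                # bursty, not a steady drip
            continue
        findings.append({
            "src": src, "dst": dst,
            "active_days": len(days), "span_days": span,
            "total_bytes": sum(volumes), "daily_cv": round(cv, 3),
        })
    findings.sort(key=lambda f: (-f["active_days"], f["src"], f["dst"]))
    return findings


if __name__ == "__main__":
    for f in detect_persistent_exfil(CONSTRUCTED_LOG):
        print(f"{f['src']} -> {f['dst']}: {f['active_days']} days over "
              f"{f['span_days']} days, {f['total_bytes']} bytes, cv={f['daily_cv']}")
```

The three filters map onto the explanation above: distinct days and span capture persistence over months, the fan-in check captures the unusual destination, and the steadiness check separates a covert drip from a legitimate one-time bulk transfer. In practice the same logic runs over DNS, proxy or NetFlow exports, and the rare-destination check is usually backed by a baseline of which external hosts the organization normally contacts.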