🔥 3-day streak
CompTIA CySA+ (CS0-003)132 / 147
Question 132 of 147
A security analyst is reviewing web proxy logs after a DLP alert fired. Over a 30-minute window, a single internal workstation made 214 HTTPS POST requests to 'files.mega-transfer-cloud[.]io', each transferring between 8 MB and 12 MB. The user's normal baseline shows almost exclusively GET requests to business SaaS domains. The destination domain was registered nine days ago and is not on any corporate allow list. Which conclusion is best supported by these proxy log indicators?
Reviewed for accuracy · Report an issueNext question