🔥 3-day streak
CompTIA SecurityX (CAS-005)101 / 120
Question 101 of 120
A threat hunter at a financial firm suspects command-and-control (C2) activity is evading the SIEM's fixed-threshold alerting. Reviewing outbound DNS logs, they notice one internal host querying a rarely-seen external domain at intervals that vary between 45 and 75 seconds, with query payload lengths that fluctuate. No single query exceeds volume thresholds, and the domain resolves normally. Which analytical approach is MOST likely to confirm this is malicious beaconing rather than benign automated traffic?
Reviewed for accuracy · Report an issueNext question