CompTIA CASP+ Practice Test

Disable ads (and more) with a membership for a one time $2.99 payment

Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!

Practice this question and more.

What are the signs of a compromised internal host in the described scenario?

Unusual outbound traffic patterns.
Consistent antivirus updates.
Inactive firewall logs.
Frequent user login attempts.

The correct answer is: Unusual outbound traffic patterns.

Unusual outbound traffic patterns are strong indicators of a compromised internal host. When a host on a network has been compromised, it may begin to exhibit behavior that deviates from its normal activity profile. This could mean sending large amounts of data externally, reaching out to known malicious IP addresses, or communicating with command-and-control servers. Monitoring for such abnormalities is crucial as they often signal that malware is exfiltrating sensitive data or that the host is being used for unauthorized activities. In contrast, consistent antivirus updates indicate that a system is being actively protected and maintained, which is a good sign of security hygiene rather than a sign of compromise. Inactive firewall logs suggest a lack of traffic that could point to either a poorly configured firewall or, potentially, a host that is unable to communicate due to compromise, but it is not definitive without further context. Frequent user login attempts, especially if they are originating from the same user account, may be indicative of suspicious activity, but they do not explicitly confirm a compromise on an internal host as much as unusual outbound traffic does. Therefore, monitoring and analyzing outbound traffic is key for identifying potential compromises effectively.