Data Exfiltration — CompTIA CySA+ (CS0-003) Practice Questions
Data exfiltration is the unauthorized transfer of sensitive information out of an organization's environment, and detecting it is a major focus of the CySA+ exam. Attackers use a variety of techniques to move data, such as encoding it in outbound web traffic, tunneling it through permitted protocols, or staging it in cloud storage before retrieval. Analysts must recognize exfiltration indicators in network flow data, proxy logs, and DLP alerts, and understand how data classification policies inform detection priorities. Preventing and detecting exfiltration is directly linked to breach notification obligations and regulatory compliance.
Free questions on data exfiltration
An analyst reviewing network traffic captures detects a large outbound transfer of data to an external IP address that matches no approved egress policy. What is the NEXT step?
Difficulty: medium
A company's security operations center receives an alert about potential data exfiltration, but the alert contains false positives. An analyst must design a more effective alerting strategy. Which approach should be prioritized?
Difficulty: hard
More data exfiltration questions in the full bank
- What is data exfiltration?
- How to detect data exfiltration?
- An analyst detects unusual outbound traffic on port 53 (DNS) with large data transfers. What might this indicate?