Command And Control — CompTIA Security+ (SY0-701) Practice Questions
Command and control (C2) refers to the infrastructure and communication channels that attackers use to remotely direct malware or compromised systems after the initial infection. On the SY0-701 exam, candidates must understand how C2 channels operate, including common techniques such as carrying commands and stolen data over HTTP/HTTPS or DNS so that the traffic blends in with legitimate communications and evades detection. C2 traffic often reveals itself through beaconing: the implant checks in with its controller at a fixed interval, so analysts look for repeated outbound connections from one host to the same external address with near-constant timing, or for unusual DNS activity such as many long, random-looking subdomains queried under a single domain. Identifying C2 traffic is a key step in incident response and threat hunting because cutting off this communication can neutralize an active attack. Security controls such as DNS filtering, egress monitoring, and threat intelligence feeds are commonly used to detect and block C2 activity.
Free questions on command and control
An organization experiences a sudden spike in outbound network traffic from several workstations to unknown IPs. Which attack is MOST likely occurring?
Free question · medium · full answer + explanation
More command and control questions in the full bank
- A security analyst reviews the firewall logs and notices outbound traffic to an external IP address on port 443, but the traffic pattern is unusual: small data requests followed immediately by large data responses. This pattern repeats every 5 minutes. Which of the following is the MOST likely explanation?