An organization experiences a sudden spike in outbound network traffic from several workstations to unknown IPs. Which attack is MOST likely occurring?

  A. Botnet malware infection ✓
  B. Brute force attack
  C. Man-in-the-middle attack
  D. Distributed denial of service (DDoS)

Correct answer: Botnet malware infection

Option A is correct because a botnet infection turns compromised workstations into bots that take commands from a command-and-control (C2) server and generate large volumes of outbound traffic to external IPs; a simultaneous spike from several hosts to unknown addresses matches that behavior.

Option B is wrong because a brute force attack produces inbound authentication attempts against a target, not a spike in outbound traffic from the organization's own workstations.

Option C is wrong because a man-in-the-middle attack intercepts traffic between two parties and does not by itself produce abnormal outbound volume from multiple endpoints.

Option D is wrong because a DDoS attack floods a victim from many sources; the symptom here is outbound traffic originating inside the network, which is more consistent with the workstations being the bots than with the organization being the target.

Topic: General Security Concepts · botnet, malware, network traffic analysis, command and control

Practice CompTIA Security+ (SY0-701) Questions Free