CySA+ CS0-001 – Q. 295


In reviewing firewall logs, a security analyst has discovered the following IP address, which several employees are using frequently:
The organization’s servers use IP addresses in the CIDR. Additionally, the analyst has noticed that corporate data is being stored at this new location. A few of these employees are on the management and executive management teams. The analyst has also discovered that there is no record of this IP address or service in reviewing the known locations of managing system assets. Which of the following is occurring in this scenario?

A. Malicious process
B. Unauthorized change
C. Data exfiltration
D. Unauthorized access