During network monitoring, an analyst observes periodic, predictable network traffic from a specific internal device to an external server. Which action should the analyst prioritize to identify if this is an indicator of beaconing?
Analyze the packet contents to check for signs of malicious communication.
Check if the traffic is using non-standard ports.
Validate the reputation of the external server.
Ignore the traffic since it is periodic and predictable.
Periodic and predictable traffic patterns are classic signs of beaconing, which is often used in command and control communication by malware. The best action to take is to analyze the packet contents to identify any signs of malicious communication or anomalies. Checking for unusual port usage and validating the destination server's reputation are also important steps, but analyzing the packet contents will provide the most direct evidence of beaconing.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is beaconing in network traffic?
Open an interactive chat with Bash
What kind of signs would indicate malicious communication in packet contents?
Open an interactive chat with Bash
Why should analysts check for traffic using non-standard ports?