Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. Discussions
  3. CompTIA
  4. CompTIA CASP
  5. CAS-004 Discussions
  6. CAS-004 Exam Topic 15 Question 148 Discussion
 CompTIA Discussions
Exam CAS-004 All Questions
Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam

Go to Exam

CompTIA CASP CAS-004 Question # 148 Topic 15 Discussion

CAS-004 Exam Topic 15 Question 148 Discussion:
Question #: 148
Topic #: 15

A security operations center analyst is investigating anomalous activity between a database server and an unknown external IP address and gathered the following data:

• dbadmin last logged in at 7:30 a.m. and logged out at 8:05 a.m.

• A persistent TCP/6667 connection to the external address was established at 7:55 a.m. The connection is still active.

• Other than bytes transferred to keep the connection alive, only a few kilobytes of data transfer every hour since the start of the connection.

• A sample outbound request payload from PCAP showed the ASCII content: "JOIN #community".

Which of the following is the MOST likely root cause?
A.

A SQL injection was used to exfiltrate data from the database server.

B.

The system has been hijacked for cryptocurrency mining.

C.

A botnet Trojan is installed on the database server.

D.

The dbadmin user is consulting the community for help via Internet Relay Chat.

Get Premium CAS-004 Questions
Actual exam question for CompTIA CAS-004 exam by Cyra6404 at May 2, 2026, 9:08:37 PM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit