KT-NET Beaconing

Proxy logs show failed CONNECT attempts every minute from malware sandbox?

Multiple choice — select one answer

Answer choices

  1. a. Proof HR is phishing, without security or identity team coordination per policy.
  2. b. CCTV offline, using shared credentials instead of individual accountability.
  3. c. Sandbox may be simulating beacon—ensure production hosts are not in same pattern
  4. d. DNSSEC misconfiguration only, using shared credentials instead of individual accountability.

Architectural breakdown & explanation

Distinguish test lab from production beaconing via asset context.

Correct answer(s): c. Sandbox may be simulating beacon—ensure production hosts are not in same pattern

Exam domain: Beaconing (17% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Network Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.