A cybersecurity analyst has received an alert that well-known “call home” messages are continuously observed by network sensors at the network boundary. The proxy firewall successfully drops the messages. After determining the alert was a true positive, which of the following represents the MOST likely cause?
A.
Attackers are running reconnaissance on company resources.
B.
Commands are attempting to reach a system infected with a botnet trojan.
C.
An insider is trying to exfiltrate information to a remote network.
D.
Malware is running on a company system.
Explanation: