During a routine review of firewall logs, an analyst identified that an IP address from the organization’s server subnet had been connecting during nighttime hours to a foreign IP address, and had been sending between
150 and 500 megabytes of data each time. This had been going on for approximately one week, and the affected server was taken offline for forensic review. Which of the following is MOST likely to drive up the incident’s impact assessment?
A.
PII of company employees and customers was exfiltrated.
B.
Raw financial information about the company was accessed.
C.
Forensic review of the server required fall-back on a less efficient service.
D.
IP addresses and other network-related configurations were exfiltrated.
E.
The local root password for the affected server was compromised.
Explanation: