A threat hunter uses Cisco Secure Network Analytics (Stealthwatch) to identify potential command-and-control traffic. Which characteristic MOST strongly indicates beaconing behavior?
Correct Answer: C
The correct answer is small, periodic outbound connections to a rare destination. Beaconing is a hallmark of command-and-control (C2) communication, particularly in stealthy malware campaigns. Attackers design C2 channels to:

* Minimize bandwidth usage
* Blend into normal traffic
* Avoid triggering threshold-based alerts

As a result, beaconing traffic often consists of low-volume connections at regular intervals to the same external destination. Cisco Secure Network Analytics is purpose-built to detect this type of behavioral anomaly using NetFlow and telemetry analysis.

Option A suggests data exfiltration rather than beaconing. Option B is too broad and unspecific. Option D relates to denial-of-service or scanning activity, not C2.

This hunting technique aligns with MITRE ATT&CK - Command and Control and is explicitly covered in the CBRTHD blueprint under network-based threat hunting. Detecting beaconing behavior forces attackers to significantly alter their communication strategy, increasing their operational cost. Therefore, Option C is the correct and Cisco-aligned answer.
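The three properties named in the explanation (small, periodic, rare destination) can be checked over flow records as in the following added example, which is not part of the original page and is not Cisco Secure Network Analytics' own detection logic. The record layout, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, bytes_out).
# Addresses come from documentation ranges; none are real indicators.
def sample_flows():
    flows = []
    # One host checks in about every 300 s (small jitter) with a rare destination.
    jitter = [0, 4, -3, 2, -5, 1, 3, -2, 0, 5, -4, 2]
    for i, j in enumerate(jitter):
        flows.append((1000 + i * 300 + j, "10.0.0.5", "203.0.113.77", 420 + (i % 3) * 10))
    # Four hosts browse a popular destination at irregular intervals.
    gaps = [12, 340, 45, 900, 7, 130, 610, 22]
    for h in range(5, 9):
        t = 1000 + h
        for k, g in enumerate(gaps):
            t += g * (1 + (h + k) % 3)
            flows.append((t, f"10.0.0.{h}", "198.51.100.10", 15000 + 4000 * k))
    # One large upload: exfiltration-like volume, but not periodic.
    flows.append((2500, "10.0.0.6", "192.0.2.200", 80_000_000))
    return flows

def find_beacons(flows, min_conns=8, max_cv=0.1, max_avg_bytes=2000, max_sources=1):
    """Return (src, dst, mean_interval_s, cv) for pairs that are small, periodic and rare.
    All thresholds are illustrative assumptions and need tuning per network."""
    by_pair = defaultdict(list)
    sources_per_dst = defaultdict(set)
    for ts, src, dst, nbytes in flows:
        by_pair[(src, dst)].append((ts, nbytes))
        sources_per_dst[dst].add(src)
    hits = []
    for (src, dst), recs in by_pair.items():
        if len(recs) < min_conns or len(sources_per_dst[dst]) > max_sources:
            continue  # too few samples, or the destination is common on this network
        recs.sort()
        gaps = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
        avg_gap = mean(gaps)
        cv = pstdev(gaps) / avg_gap if avg_gap else float("inf")  # low cv = regular
        avg_bytes = mean([n for _, n in recs])
        if cv <= max_cv and avg_bytes <= max_avg_bytes:
            hits.append((src, dst, round(avg_gap), round(cv, 3)))
    return hits

if __name__ == "__main__":
    for hit in find_beacons(sample_flows()):
        print(hit)
```

The coefficient of variation tolerates the small jitter in the constructed check-ins; the irregular browsing and the single large upload in the sample data are not flagged.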