A security analyst is monitoring the network traffic of a large organization. The analyst has noticed an unusual spike in network traffic and needs to determine the cause.

What is the MOST likely explanation for the unusual spike in network traffic?

- Network configuration issue
- Background traffic
- Heightened user activity
- Distributed denial-of-service (DDoS) attack

All Answers 1

Answered by GPT-5 mini AI
Heightened user activity

Rationale: In a large organization, the most common (and benign) cause of a sudden traffic spike is increased legitimate usage (large meetings, software updates/backups, batch jobs, product launches). DDoS or config faults are possible but less likely.

Suggested checks to confirm:
- Review NetFlow/flow data or top-talkers to see source/destination IPs and ports.
- Correlate with scheduled jobs/patch windows, backups, or major releases.
- Check time-of-day/week patterns and helpdesk/communications about events.
- Look for signs of attack: many external sources targeting one IP, abnormal protocols/ports, SYN/fragment floods.
- Inspect switch/router counters for broadcast storms or interface errors (configuration issues).
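
The top-talker and attack-sign checks listed above can be run over exported flow records. The sketch below is an added example, not part of the original answer. The record fields, the `10.0.0.0/8` internal range, the thresholds and the sample flows are all assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: the organization's address space

def is_external(ip):
    return ipaddress.ip_address(ip) not in INTERNAL

def top_talkers(flows, n=3):
    """Bytes sent per source IP, largest first."""
    sent = Counter()
    for f in flows:
        sent[f["src"]] += f["bytes"]
    return sent.most_common(n)

def fan_in(flows):
    """Per (dst, port): distinct external sources, flow count, SYN-only flow count."""
    stats = defaultdict(lambda: {"sources": set(), "flows": 0, "syn_only": 0})
    for f in flows:
        s = stats[(f["dst"], f["dport"])]
        s["flows"] += 1
        if is_external(f["src"]):
            s["sources"].add(f["src"])
        if f["proto"] == "tcp" and f["flags"] == "S":  # handshake never completed
            s["syn_only"] += 1
    return stats

def suspected_floods(flows, min_sources=20, min_syn_ratio=0.8):
    """Targets hit by many external sources where most flows are SYN-only.
    Both thresholds are illustrative assumptions; tune them to the site's baseline."""
    hits = []
    for target, s in fan_in(flows).items():
        ratio = s["syn_only"] / s["flows"]
        if len(s["sources"]) >= min_sources and ratio >= min_syn_ratio:
            hits.append((target, len(s["sources"]), round(ratio, 2)))
    return hits

# Constructed sample records (not real traffic): an internal backup job and a
# many-to-one burst of SYN-only flows from documentation-range addresses.
BACKUP = [{"src": "10.0.5.20", "dst": "10.0.9.10", "dport": 445, "proto": "tcp",
           "flags": "SAPF", "bytes": 800_000_000} for _ in range(4)]
FLOOD = [{"src": f"203.0.113.{i}", "dst": "10.0.1.80", "dport": 443, "proto": "tcp",
          "flags": "S", "bytes": 60} for i in range(1, 41)]

if __name__ == "__main__":
    print("top talkers:", top_talkers(BACKUP + FLOOD))
    print("backup only:", suspected_floods(BACKUP))
    print("with burst: ", suspected_floods(BACKUP + FLOOD))
```

In this sample the backup host dominates byte volume yet raises no flood finding, while the burst is flagged despite carrying almost no bytes, which is why byte counts alone do not separate the two explanations.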