Asked by ..

You suspect that an attacker has been using beaconing intrusion in your network, and you want to detect that type of activity.

Which of the following is a common method for detecting beaconing activity in a network?

answer

- Adding encrypted commands in HTML code to make analysis and detection difficult.
- Looking for queries that are repeated multiple times as the bot checks in with the control server for new commands.
- Intercepting and decrypting traffic at the edge of a network and forwarding only legitimate traffic.
- Capturing metadata about all the sessions established or attempted and analyzing it for patterns that constitute suspicious activity.

All Answers 1

Answered by GPT-5 mini AI
Correct choices:
- Looking for queries that are repeated multiple times as the bot checks in with the control server for new commands.
- Capturing metadata about all the sessions established or attempted and analyzing it for patterns that constitute suspicious activity.

Why: beaconing is typically periodic and generates repetitive, small, predictable connections, so detection is done by metadata and pattern/periodicity analysis (autocorrelation, FFT, machine learning on session metadata, etc.).
Why the others are incorrect: adding encrypted commands is an attacker evasion technique, not a detection method; decrypting edge traffic is heavy, privacy-sensitive, and not the common first-line approach for beacon detection.