CS0-003 Security Operations • Set 7
CS0-003 Security Operations Practice Test 7 — 15 questions with explanations.
A SOC analyst receives an alert from the SIEM indicating a high volume of outbound traffic from a single workstation to an external IP address on port 22. Upon investigation, the analyst finds the workstation is used by a developer who frequently transfers large files to a remote server via SCP. What is the most appropriate classification for this alert?