1. NIST Special Publication 800-61 Rev. 2, Computer Security Incident Handling Guide. Section 3.2.2, "Signs of an Incident", lists common indicators. Indicator #5 states: "Unusual outbound network traffic... Large amounts of outbound traffic from a particular host may indicate that sensitive data is being exfiltrated." (Page 24).

2. Purdue University, CERIAS (The Center for Education and Research in Information Assurance and Security). In technical reports on intrusion detection, such as "A Survey of Anomaly Detection Techniques in Network Intrusion Detection", it is established that significant deviations from baseline network behavior, such as unusually large outbound data flows to new or suspicious IP addresses, are primary indicators of compromise and potential data exfiltration. (e.g., Garcia-Teodoro, P., et al., 2009. Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers & Security, 28(1-2), pp. 18-28. https://doi.org/10.1016/j.cose.2008.08.003).

3. MIT OpenCourseWare, 6.858 Computer Systems Security, Fall 2014. Lecture notes on Network Security discuss traffic analysis as a method for detecting compromises. Monitoring for anomalous traffic patterns, including large, unexpected outbound connections, is a fundamental technique for identifying systems that have been compromised for purposes such as data exfiltration. (See Lecture 15: Network Security).
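The three references above all describe the same indicator: outbound volume from one host that departs sharply from that host's own baseline, especially toward destinations it has not contacted before. The following is an added example, written for this page and not taken from NIST, CERIAS, the Garcia-Teodoro survey or the MIT course notes. It builds a per-host baseline from constructed NetFlow-style records (all sample data below is made up), then flags a review window on two criteria: a z-score of outbound bytes against the baseline, and any destination absent from the learning period. Host names, IP addresses and the 3-sigma threshold are assumptions chosen for illustration.

```python
"""Baseline-deviation detector for unusual outbound traffic.

Added example, not from any of the cited documents. It implements the
indicator the references describe: a host whose outbound byte volume
in a window far exceeds its own baseline, or that starts sending to a
destination it never contacted during the baseline period.
All flow records below are constructed sample data.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style records: (window, src_host, dst_ip, bytes_out).
# Windows 0-3 are the learning period; window 4 is the period under review.
FLOWS = [
    (0, "ws-01", "10.0.0.5", 12_000), (0, "ws-02", "10.0.0.5", 9_000),
    (1, "ws-01", "10.0.0.5", 15_000), (1, "ws-02", "10.0.0.5", 11_000),
    (2, "ws-01", "10.0.0.5", 13_000), (2, "ws-02", "10.0.0.5", 10_000),
    (3, "ws-01", "10.0.0.5", 14_000), (3, "ws-02", "10.0.0.5", 9_500),
    # review window: ws-01 normal; ws-02 pushes ~40x its usual volume to a new IP
    (4, "ws-01", "10.0.0.5", 13_500),
    (4, "ws-02", "10.0.0.5", 10_000),
    (4, "ws-02", "203.0.113.77", 400_000),
]


def build_baseline(flows, learn_windows):
    """Per-host baseline: mean/stdev of outbound bytes per window, plus the
    set of destinations seen during the learning period."""
    per_window = defaultdict(lambda: defaultdict(int))  # host -> window -> bytes
    dests = defaultdict(set)
    for window, host, dst, nbytes in flows:
        if window in learn_windows:
            per_window[host][window] += nbytes
            dests[host].add(dst)
    baseline = {}
    for host, wins in per_window.items():
        # a host silent in a learning window contributes 0 for that window
        totals = [wins.get(w, 0) for w in learn_windows]
        baseline[host] = {"mean": mean(totals), "stdev": pstdev(totals), "dests": dests[host]}
    return baseline


def detect(flows, baseline, review_window, z_threshold=3.0):
    """Return alerts for hosts whose outbound volume in review_window lies more
    than z_threshold standard deviations above their baseline (volume alert),
    or that contacted a destination absent from the baseline (new-destination
    alert). A host with no baseline at all is reported as such."""
    out_bytes = defaultdict(int)
    new_dests = defaultdict(set)
    for window, host, dst, nbytes in flows:
        if window != review_window:
            continue
        out_bytes[host] += nbytes
        if host in baseline and dst not in baseline[host]["dests"]:
            new_dests[host].add(dst)
    alerts = []
    for host, total in out_bytes.items():
        if host not in baseline:
            alerts.append((host, "no-baseline", total))
            continue
        b = baseline[host]
        # guard: a perfectly flat baseline (stdev 0) would make any deviation
        # infinite, so use a floor of 10% of the mean as the spread
        spread = max(b["stdev"], 0.1 * b["mean"])
        z = (total - b["mean"]) / spread if spread else 0.0
        if z > z_threshold:
            alerts.append((host, "volume", round(z, 1)))
        for dst in sorted(new_dests[host]):
            alerts.append((host, "new-destination", dst))
    return alerts


if __name__ == "__main__":
    base = build_baseline(FLOWS, learn_windows={0, 1, 2, 3})
    for alert in detect(FLOWS, base, review_window=4):
        print(alert)
```

Run against the sample records, ws-01 stays within its baseline and produces nothing, while ws-02 raises both a volume alert (z-score in the hundreds) and a new-destination alert for 203.0.113.77. In production the learning windows would be rolling, the baseline keyed per host and per destination network rather than per host alone, and the threshold tuned against the false-positive rate of legitimate bulk transfers such as backups.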