Review the incident report Packet captures show a host maintaining periodic TLS sessions that imitate normal HTTPS traffic but run on TCP 8443 to a single external host. An analyst flags the traffic as potential command-and-control. During the same period, the host issues frequent DNS queries with oversized TXT payloads to an attacker-controlled domain, transferring staged files. Which two MITRE ATT&CK techniques best describe this activity? (Choose two answers)

• A. Non-Standard Port
• B. Exploitation of Remote Services
• C. Exfiltration Over Alternative Protocol
• D. Hide Artifacts

Correct Answer: A,C

Brave-Dump Clients Votes