CompTIA

220-1002 Question #406: Real Exam Question with Answer & Explanation

The correct answer is C: Botnet.

Question

A technician scans a computer for malware, and it comes back clean each time. However, the user still sees suspicious activity from the computer. Which of the following should the technician check for NEXT?

Options

  • A. Rootkit
  • B. Keylogger
  • C. Botnet
  • D. Adware

Explanation

A botnet infection enrolls the compromised computer as part of a network of infected machines controlled by a remote attacker (command-and-control server). Botnet agents can use encrypted communications and legitimate system processes, making them difficult for standard malware scanners to detect, yet the suspicious activity (unusual network traffic, slowdowns, unexpected processes) remains visible to the user. While rootkits are known for hiding from scanners, a botnet infection manifests as external suspicious behavior and network anomalies that match the described scenario. The technician should investigate outbound network connections and look for command-and-control communication patterns consistent with botnet activity.
