
SY0-301 · Question #243

SY0-301 Question #243: Real Exam Question with Answer & Explanation

The correct answer is A: Zero-day attack.

Question

The security administrator is observing unusual network behavior from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. A full antivirus scan, with an updated antivirus definition file, does not show any signs of infection. Which of the following has happened on the workstation?

Options

  • A. Zero-day attack
  • B. Known malware infection
  • C. Session hijacking
  • D. Cookie stealing

Explanation

A zero-day attack exploits a vulnerability, or uses malware, that is not yet known to security vendors at the time of the attack, so no signature or detection pattern exists for it. The decisive detail in the question is that a full scan with an up-to-date antivirus definition file finds nothing. If this were a known malware infection (B), current definitions would be expected to catch it. The workstation is nevertheless communicating with a known malicious destination over an encrypted tunnel, which is strong evidence of compromise; the only option that reconciles a compromised host with a clean, fully updated AV scan is a novel, previously unknown (zero-day) threat. Session hijacking (C) means taking over an active session by stealing its token, not establishing a persistent encrypted tunnel from the workstation. Cookie stealing (D) is a technique for capturing session cookies, not a persistent malware infection of the kind described.

Practitioner's note: outside the exam, a clean scan with current definitions is not proof of a zero-day, since repacked or custom variants of known families also evade signatures. What actually surfaced this compromise was the network indicator (traffic to a known malicious destination), which is why such an alert is treated as evidence of compromise regardless of what the host antivirus reports.
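The reasoning above rests on combining two independent signals: a network indicator (connection to a known malicious destination) and a host signal (antivirus result). The following is an added example, not code from the exam page or from nerdexam, that runs that triage over a few constructed connection-log lines. The log format, field names, IOC list and antivirus results are all assumptions made for the example; the destination addresses come from the reserved documentation ranges.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed connection log (assumed format: timestamp host src -> dst:port proto= tls=).
SAMPLE_CONN_LOG = """\
2024-03-02T10:15:01Z ws-17 10.0.5.17 -> 203.0.113.45:443 proto=tcp tls=yes bytes=48211
2024-03-02T10:15:03Z ws-22 10.0.5.22 -> 198.51.100.9:443 proto=tcp tls=yes bytes=10002
2024-03-02T10:15:07Z ws-17 10.0.5.17 -> 93.184.216.34:80 proto=tcp tls=no bytes=1203
2024-03-02T10:15:09Z ws-31 10.0.5.31 -> 93.184.216.34:443 proto=tcp tls=yes bytes=5123
"""

# Constructed threat-intel list: single hosts and whole ranges known to be malicious.
KNOWN_BAD_DESTINATIONS = [
    ipaddress.ip_network("203.0.113.45/32"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# Constructed antivirus results after a scan with current definitions:
# None means the scan was clean, a string is the detection name reported.
SAMPLE_AV_RESULTS = {
    "ws-17": None,
    "ws-22": "Trojan.Generic.Downloader",
    "ws-31": None,
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<src>[\d.]+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<port>\d+)\s+proto=(?P<proto>\w+)\s+tls=(?P<tls>yes|no)"
)


@dataclass
class Connection:
    host: str
    dst: str
    port: int
    encrypted: bool


def parse_conn_log(text):
    """Parse the assumed log format into Connection records, skipping malformed lines."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            conns.append(Connection(m["host"], m["dst"], int(m["port"]), m["tls"] == "yes"))
    return conns


def is_known_bad(dst):
    """True if the destination falls inside any known-malicious host or range."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in KNOWN_BAD_DESTINATIONS)


def triage(log_text, av_results):
    """Map each host talking to a known-bad destination to a verdict.

    The network indicator alone establishes compromise. The AV result only tells
    us whether the malware is already known (signature hit) or not (clean scan
    despite current definitions, i.e. a zero-day candidate).
    """
    verdicts = {}
    for conn in parse_conn_log(log_text):
        if not is_known_bad(conn.dst):
            continue  # benign destination: the network data says nothing here
        detection = av_results.get(conn.host)
        verdicts[conn.host] = {
            "verdict": "known malware infection" if detection else "zero-day candidate",
            "detection": detection,
            "dst": conn.dst,
            "port": conn.port,
            "encrypted": conn.encrypted,
        }
    return verdicts


if __name__ == "__main__":
    for host, info in triage(SAMPLE_CONN_LOG, SAMPLE_AV_RESULTS).items():
        tunnel = "encrypted" if info["encrypted"] else "cleartext"
        print(f"{host}: {info['verdict']} ({tunnel} to {info['dst']}:{info['port']})")
```

In the sample data ws-17 matches the question exactly: an encrypted connection to a listed destination while the host antivirus, with current definitions, reports clean. ws-22 reaches a listed range too, but its AV scan names the family, so it is a known infection; ws-31 never touches a listed destination and is not flagged. The encrypted flag is carried through because it tells the responder that payload inspection will not help and that the destination match is the indicator to act on.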
