SY0-501 Question #37: Real Exam Question with Answer & Explanation
The correct answer is A: Botnet. Internal hosts talking to external IPs during off-hours, when no user is at the keyboard, is the signature of bot command and control (C2) traffic; the other three options are defined by payload or evasion technique, not by a network pattern.
Question
A senior incident response manager receives a call about some external IPs communicating with internal computers during off hours. Which of the following types of malware is MOST likely causing this issue?
Options
- A. Botnet
- B. Ransomware
- C. Polymorphic malware
- D. Armored virus
Explanation
Off-hours communication between internal computers and external IPs is most consistent with a botnet: infected hosts check in with their command and control (C2) servers on a schedule whether or not anyone is logged on, so the traffic persists at night and on weekends. Of the four options, botnet is the only one defined by this kind of network behavior. Ransomware, polymorphic malware and armored viruses are classified by what they do to data or how they evade analysis. Some ransomware does contact a C2 server, but that is not its defining trait, and the scenario gives no sign of encrypted files or ransom demands.
Common mistakes.
- B. Ransomware is defined by encrypting data and demanding payment. It may contact an external server for key exchange, but the scenario mentions no encrypted files or ransom note, only persistent off-hours traffic to external IPs.
- C. Polymorphic malware changes its own code to evade signature-based detection. That describes how the malware hides from scanners, not how it communicates on the network.
- D. An armored virus uses techniques that make reverse engineering and analysis difficult. That is a self-protection method, not an external communication pattern.
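The behavior the question describes is what an analyst would hunt for in firewall or proxy logs: internal hosts reaching external IPs outside business hours on a regular cadence. The script below is an added example, not part of the exam page or any vendor tool. It assumes a hypothetical whitespace-separated log format (ISO timestamp, source IP, destination IP, destination port, bytes), a 07:00 to 19:00 weekday business window, and a beaconing threshold of at least four off-hours connections with inter-arrival jitter under 30 seconds; the sample log lines are constructed. It looks at internal-to-external flows only, because bots initiate the connection to their C2 server even though the question phrases it as external IPs communicating with internal computers.

```python
"""Flag internal hosts that beacon to external IPs during off-hours.

Added example (not from the exam page). Log format, business hours and
thresholds are assumptions; sample log lines are constructed.
"""
from datetime import datetime
from ipaddress import ip_address, ip_network
from statistics import mean

# Constructed firewall export: "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <bytes>".
# 10.0.5.23 checks in with 203.0.113.10 every ~5 minutes at 02:00 (a Monday).
SAMPLE_LOG = """\
2024-03-11T02:00:05 10.0.5.23 203.0.113.10 443 1200
2024-03-11T02:05:04 10.0.5.23 203.0.113.10 443 1180
2024-03-11T02:10:06 10.0.5.23 203.0.113.10 443 1210
2024-03-11T02:15:05 10.0.5.23 203.0.113.10 443 1190
2024-03-11T02:20:05 10.0.5.23 203.0.113.10 443 1205
2024-03-11T10:14:22 10.0.5.41 198.51.100.7 443 83320
2024-03-11T10:14:25 10.0.5.41 198.51.100.7 443 9102
2024-03-11T03:30:00 10.0.5.8 10.0.9.2 445 55000
2024-03-11T23:45:12 10.0.5.77 192.0.2.55 8080 400
"""

# RFC 1918 ranges stand in for "internal computers" (assumption).
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def is_off_hours(ts: datetime, start_hour: int = 7, end_hour: int = 19) -> bool:
    """True on weekends or outside the assumed start_hour..end_hour window."""
    return ts.weekday() >= 5 or ts.hour < start_hour or ts.hour >= end_hour


def parse_log(text: str) -> list:
    """Parse the hypothetical log format into dicts; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
                        "port": int(port), "bytes": int(nbytes)})
    return records


def find_off_hours_beacons(records: list, min_hits: int = 4, max_jitter_s: float = 30.0) -> dict:
    """Group off-hours internal->external flows by (src, dst) and flag regular cadence.

    Returns {(src, dst): {"count", "mean_interval_s", "max_jitter_s"}} for pairs
    with at least min_hits connections whose inter-arrival times all lie within
    max_jitter_s of their mean. Real C2 adds deliberate jitter, so the threshold
    is a tunable assumption, not a rule.
    """
    flows = {}
    for r in records:
        if not is_internal(r["src"]) or is_internal(r["dst"]):
            continue  # only the internal -> external direction bots use to call home
        if not is_off_hours(r["ts"]):
            continue  # business-hours traffic has too much legitimate noise for this check
        flows.setdefault((r["src"], r["dst"]), []).append(r["ts"])

    findings = {}
    for key, stamps in flows.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        jitter = max(abs(g - avg) for g in gaps)
        if jitter <= max_jitter_s:
            findings[key] = {"count": len(stamps), "mean_interval_s": avg, "max_jitter_s": jitter}
    return findings


if __name__ == "__main__":
    for (src, dst), f in find_off_hours_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}: {f['count']} off-hours hits, "
              f"every ~{f['mean_interval_s']:.0f}s (jitter {f['max_jitter_s']:.0f}s)")
```

On the constructed sample only the 10.0.5.23 to 203.0.113.10 pair is reported: the 10.0.5.41 transfer happens during business hours, the 10.0.5.8 flow stays inside the internal range, and the single 10.0.5.77 connection never reaches the minimum hit count. Once a pair is flagged, the next step is to check the destination against threat intelligence and pull the process that owns the socket on the source host.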
Concept tested. Malware type identification based on network behavior
Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/botnet-detection