Exam SY0-501 topic 1 question 929 discussion

Actual exam question from CompTIA's SY0-501
Question #: 929
Topic #: 1

While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?

  • A. A RAT was installed and is transferring additional exploit tools.
  • B. The workstations are beaconing to a command-and-control server.
  • C. A logic bomb was executed and is responsible for the data transfers.
  • D. A fileless virus is spreading in the local network environment.
Suggested Answer: A
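
The mismatch the question describes (a .tar.gz name on a file that is really PE32) can be confirmed from the leading bytes of each download. The following is an added example, not part of the original question or comments; the function names and the sample download records are constructed for illustration.

```python
import struct

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of any gzip stream


def classify_header(data: bytes) -> str:
    """Return 'gzip', 'PE32', 'PE32+' or 'unknown' from a file's leading bytes."""
    if data[:2] == GZIP_MAGIC:
        return "gzip"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew at offset 0x3C points to the "PE\0\0" signature
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        # signature (4) + COFF header (20) + optional-header magic (2)
        if e_lfanew + 26 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
            return {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "unknown")
    return "unknown"


def flag_mismatches(downloads):
    """downloads: (user, filename, leading_bytes) tuples.
    Returns records whose name claims gzip but whose content is not gzip."""
    hits = []
    for user, name, head in downloads:
        kind = classify_header(head)
        if name.lower().endswith((".tar.gz", ".tgz")) and kind != "gzip":
            hits.append((user, name, kind))
    return hits


def _constructed_pe(opt_magic: int) -> bytes:
    # Constructed minimal header: DOS stub with e_lfanew=0x40, PE signature,
    # zeroed COFF header, then the optional-header magic.
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + b"\0" * 20 + struct.pack("<H", opt_magic)


# Constructed sample records (not real log data)
SAMPLE = [
    ("alice", "update.tar.gz", _constructed_pe(0x10B)),
    ("bob", "backup.tar.gz", b"\x1f\x8b\x08\x00" + b"\0" * 6),
    ("carol", "tools.tar.gz", _constructed_pe(0x20B)),
]

if __name__ == "__main__":
    for user, name, kind in flag_mismatches(SAMPLE):
        print(f"{user}: {name} is actually {kind}")
```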

Comments

exiledwl
Highly Voted 4 years, 5 months ago
A RAT can take control of keyboard/mouse and download and launch executables https://www.makeuseof.com/tag/simply-effectively-deal-remote-access-trojans/#:~:text=Remote%20Access%20Trojans%20are%20nasty,from%20anywhere%20in%20the%20world.&text=A%20RAT%20Trojan%20can%20allow,of%20your%20keyboard%20and%20mouse.
upvoted 5 times
...
ID77
Most Recent 1 year, 3 months ago
Selected Answer: A
A growing trend is for attackers to deliver Trojans as Portable Executable (PE) files in 32-bit and 64-bit formats. They often compress the PE files using compression tools such as tar. Tar files have the tar.gz file extension.
upvoted 1 times
...
19thflo00r
4 years ago
Unless someone tells me different, I'm going with C - Logic Bomb. Just like SeniorFay wrote, "Suddenly" and "a week ago".
upvoted 1 times
...
SeniorFay
4 years, 4 months ago
Mark the words "suddenly" and "a week ago". That makes the case look like a logic bomb. I would pick the answer C.
upvoted 3 times
Orkhann
4 years, 4 months ago
PE32 is an executable file format, so I don't think this is a data transfer. https://en.wikipedia.org/wiki/Portable_Executable
upvoted 3 times
...
[Removed]
4 years, 2 months ago
If this was a file server then C would make sense.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other