Exam CS0-002 topic 1 question 56 discussion

The answer should be A. According to the Compita study guide there are only two threat classifications which are known and unknown. APT is a threat actor type and Zero day is a type of malware or threat but not a threat classification. Hope this helps.

Polymorphic malware is a type of malware that constantly changes its identifiable features in order to evade detection, therefore its a known threat. While APTs may use polymorphic code, it does not specify anywhere about the characteristics of APTs - coordination, resources, persistence, capability or intent.

D. Advanced persistent threat According to my study guide, there's more than two Threat Classifications and APT is one of them.

Polymorphic code is used to evade detection by changing its appearance while maintaining its malicious behavior. Advanced persistent threats (APTs) often employ such sophisticated techniques to remain undetected for extended periods while they target specific organizations or individuals.

These are newly discovered vulnerabilities for which no patch or mitigation exists yet. Attackers often exploit zero-days by using sophisticated techniques like polymorphic code to evade detection until security researchers become aware of the threat and develop countermeasures.

C Unknown Threat here is a good explanation. Definitely a crappy question... https://www.paloaltonetworks.com/cyberpedia/what-are-unknown-cyberthreats

answer is C: (reference:CYSA+ certmaster) Another example of a known unknown is that malware authors can use various obfuscation techniques to circumvent signature-matching. The exact form that such malware will take is unknown, but its likely use and operation within an attack is predictable, at least to some extent.

ChatGPT: "Advanced persistent threa" comes first, then "Zero-day".

APTs are sophisticated threats that are often targeted at specific organizations. They are designed to avoid detection and evade traditional security measures. Polymorphic code is a type of malware that can change its code each time it is executed. This makes it difficult for antivirus software to detect and block.

only 2 types od threat classification ( known and unknown)

B. Zero-day threat is the most likely threat classification to use polymorphic code. Polymorphic code is a type of code that can change its structure without changing its functionality, making it difficult for traditional signature-based antivirus systems to detect and block it. Zero-day threats are newly discovered vulnerabilities that have not yet been patched by vendors and are exploited by threat actors to carry out attacks. Since zero-day threats are unknown to security vendors and antivirus systems, attackers may use polymorphic code to evade detection and deliver their payloads.

[GPT4] In the context of the CompTIA Security+ exam, polymorphic code can be associated with different types of malware threats. Polymorphic code refers to malicious software that can change its code or behavior to evade detection by antivirus and other security software. Polymorphic malware can be categorized under the following threat classifications: Known and unknown. Unknown threats or zero-day threats would be the classification MOST likely to use polymorphic code. Polymorphic malware is specifically designed to evade detection and constantly change its code or behavior to avoid signature-based security solutions. This makes it more challenging for security researchers and software to identify and counter unknown polymorphic threats as compared to known ones.

Polymorphic code is a technique used by attackers to modify the code of malicious software, such as viruses or trojans, so that it appears different each time it is executed while retaining its original functionality. This technique is often used to evade detection by signature-based antivirus software, which identifies malware based on its signature or pattern.

We know of Polymorphic code concept that it is evading detection by means of changing its signature/appearance while retaining its functionality. As it evades detection, it bypass AV detection making it "Unknown". Since as everyone pointed out that this asks for threat classification- Known vs Unknown, Jason Dion course from Udemy actually classified "Known Unknowns" as under "Unknown" threat classification. Known Unknowns - a classification of malware that contains obfuscation techniques to circumvent signature-matching and detection

Historically, cybersecurity techniques depended very much on the identification of "static" known threats, such as viruses, rootkits, Trojans, and botnets. It is straightforward to identify and scan for this type of threat with automated software by matching the malicious code to a signature in a database of known malware. Unfortunately, many adversaries now have the capability to develop means of circumventing these security systems. The sophisticated nature of modern cybersecurity threats means that when classifying threats, it is important to be able to describe and analyze behaviors as well as enumerate known attack signatures. This type of threat classification underpins tools and procedures that can detect unknown threats. Official Comptia Cysa+ Material

Taken directly from comptia CySA 002 exam objectives 1.1 "Threat classification - Known threat vs. unknown threat - Zero-day - Advanced persistent threat" Surely APT is the most likely to have access to this technology...

Going with D. APTs have the resources to create polymorphic malware, which traditional actors may not.