Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) — Question 224
Which option describes indicators of attack?
Answer options
- A. blocked phishing attempt on a company
- B. spam emails on an employee workstation
- C. virus detection by the AV software
- D. malware reinfection within a few minutes of removal
Correct answer: D
Explanation
Option D is correct because malware reinfection within a few minutes of removal shows that the attack is persistent and still in progress, which makes it an indicator of attack. The other options, while related to security incidents, do not necessarily indicate an active attack: blocked phishing attempts and spam emails can be part of normal security operations, and a virus detection could be a reaction to a past issue rather than a sign of ongoing activity.