CompTIA CASP+ (CAS-004) — Question 19
A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped.
The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.
The technician will define this threat as:
Answer options
- A. a decrypting RSA using obsolete and weakened encryption attack.
- B. a zero-day attack.
- C. an advanced persistent threat.
- D. an on-path attack.
Correct answer: C
Explanation
The correct answer is C. An advanced persistent threat (APT) is a prolonged, targeted attack in which an intruder gains access to a network and remains undetected for an extended period. That matches the scenario: files were transferred over the course of three months from systems that do not send traffic to those sites. The other options do not describe this scenario: A refers to encryption vulnerabilities, B describes new, unknown exploits, and D relates to interception of communications. None of these fits sustained data transfer over time.