CompTIA CASP+ (CAS-004) — Question 596
A security analyst detected a malicious PowerShell attack on a single server. The malware used the Invoke-Expression function to execute an external malicious script. The security analyst scanned the disk with an antivirus application and did not find any IOCs. The security analyst now needs to deploy a protection solution against this type of malware.
Which of the following BEST describes the type of malware the solution should protect against?
Answer options
- A. Worm
- B. Logic bomb
- C. Fileless
- D. Rootkit
Correct answer: C
Explanation
The correct answer is C. Fileless malware operates in memory and does not leave traditional files on the disk, which makes it difficult for antivirus tools to detect. Worms and logic bombs typically involve file-based attacks, while rootkits primarily focus on hiding their presence; that term does not specifically describe the execution method used by this malware.