CompTIA SecurityX (CAS-005) — Question 232

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites. The technician will define this threat as:

Answer options

• A. a decrypting RSA using an obsolete and weakened encryption attack.
• B. a zero-day attack.
• C. an advanced persistent threat.
• D. an on-path attack.

Correct answer: C

Explanation

The correct answer, C, an advanced persistent threat, describes a prolonged and targeted attack where the attacker gains unauthorized access to a network and remains undetected for an extended period. The other options do not fit this scenario; A refers to a specific cryptographic attack, B pertains to vulnerabilities that are exploited before a patch is available, and D describes a method of intercepting communications, which does not encompass the sustained nature of the threat described.