CompTIA CySA+ (CS0-001) — Question 173

A production web server is experiencing performance issues. Upon investigation, new unauthorized applications have been installed and suspicious traffic was sent through an unused port. Endpoint security is not detecting any malware or virus. Which of the following types of threats would this MOST likely be classified as?

Answer options

Correct answer: A

Explanation

The situation described indicates a sophisticated, targeted intrusion, which matches the profile of an Advanced Persistent Threat (APT). Unauthorized applications installed on the server, covert traffic over an otherwise unused port, and the failure of endpoint security to flag anything are consistent with attackers who have gained a foothold and are working to maintain long-term, stealthy access, which is typical of APT activity. The other options do not fit as well: a buffer overflow vulnerability and a zero day are specific types of vulnerabilities (or their exploitation), not classifications of the overall threat, and a botnet involves a network of compromised devices used collectively rather than a targeted compromise of a single server.