CompTIA CySA+ (CS0-001) — Question 255
An analyst is observing unusual network traffic from a workstation. The workstation is communicating with a known malicious site over an encrypted tunnel. A full antivirus scan with an updated antivirus signature file does not show any sign of infection. Which of the following has occurred on the workstation?
Answer options
- A. Zero-day attack
- B. Known malware attack
- C. Session hijack
- D. Cookie stealing
Correct answer: A
Explanation
The correct answer is A, a zero-day attack, which refers to an exploit that is unknown to the vendor and therefore not yet patched. Because no antivirus signature exists for it yet, the malware passes a full scan with an updated signature file and continues to communicate undetected. A known malware attack (B) would typically be identified by antivirus software, while session hijacking (C) and cookie stealing (D) involve different types of exploits that do not align with the scenario of undetected encrypted traffic to a malicious site.