CompTIA CySA+ (CS0-001) — Question 270

Using a heuristic system to detect an anomaly in a computer's baseline, a system administrator was able to detect an attack even though the company's signature-based IDS and antivirus did not detect it. Further analysis revealed that the attacker had downloaded an executable file onto the company PC from the USB port, and executed it to trigger a privilege escalation flaw. Which of the following attacks has MOST likely occurred?

Answer options

Correct answer: B

Explanation

The correct answer is B, Zero-day. A zero-day attack exploits a vulnerability not yet known to the vendor or security community, which matches the scenario: the signature-based IDS and antivirus did not detect the attack, and only the heuristic comparison against the computer's baseline did. The other options (Cookie stealing, Directory traversal, and XML injection) are different attack types that do not match the scenario of exploiting an unknown vulnerability by executing a malicious file.