CompTIA CySA+ (CS0-002) — Question 252

A security analyst recently observed evidence of an attack against a company’s web server. The analyst investigated the issue but was unable to find an exploit that adequately explained the observations. Which of the following is the most likely cause of this issue?

Answer options

• A. The security analyst needs updated forensic analysis tools.
• B. The security analyst needs more training on threat hunting and research.
• C. The security analyst has potentially found a zero-day vulnerability that has been exploited.
• D. The security analyst has encountered a polymorphic piece of malware.

Correct answer: C

Explanation

The correct answer is C because a zero-day vulnerability is an exploit that is unknown to the vendor and can be used by attackers without detection. Options A and B suggest a lack of tools or knowledge, which does not directly explain the inability to find an exploit. Option D refers to polymorphic malware, which would typically be detected, but does not necessarily relate to the absence of identifiable exploits.