CompTIA CySA+ (CS0-002) — Question 47
A security analyst reviews SIEM logs and detects a well-known malicious executable running in a Windows machine. The up-to-date antivirus cannot detect the malicious executable. Which of the following is the MOST likely cause of this issue?
Answer options
- A. The malware is fileless and exists only in physical memory.
- B. The malware detects and prevents its own execution in a virtual environment.
- C. The antivirus does not have the malware's signature.
- D. The malware is being executed with administrative privileges.
Correct answer: A
Explanation
The correct answer is A because fileless malware operates entirely in memory and never writes an executable to disk, so there is no file for the antivirus engine to scan against its signature database. Option B is incorrect: detecting and refusing to run in a virtual environment is an evasion against sandboxes and analysts, not an explanation for why an up-to-date antivirus misses a known executable on a live host. Option C is also incorrect; the antivirus is described as up to date and the executable as well known, so a missing signature is unlikely, and the fileless nature of the malware is the key factor. Option D does not address why the antivirus fails to detect the malware; running with administrative privileges changes what the malware can do, not whether it is visible to file-based scanning.