CompTIA CySA+ (CS0-003) — Question 374
A security analyst notices multiple attempts of the same exploit being made on the perimeter network. The behavioral patterns indicate that a TCP SYN flood attack has been initiated, followed by a port scan of the company's public IP range. No other attacks are being performed from the actor's source IP address. All of the SYN flood attempts were thwarted by the firewall's stateful packet inspection engine. Which of the following is the most likely type of threat actor in this scenario?
Answer options
- A. Nation-state
- B. Script kiddie
- C. Advanced persistent threat
- D. Organized crime
Correct answer: B
Explanation
The correct answer is B. A script kiddie typically runs existing scripts or tools without a deep understanding of how they work, which matches the observed behavior: a basic SYN flood followed by a port scan. The other options describe more sophisticated threat actors, who generally employ advanced strategies and techniques beyond simple exploits.