CompTIA Security+ (SY0-501) — Question 409
A senior incident response manager receives a call about some external IPs communicating with internal computers during off hours. Which of the following types of malware is MOST likely causing this issue?
Answer options
- A. Botnet
- B. Ransomware
- C. Polymorphic malware
- D. Armored virus
Correct answer: A
Explanation
A botnet is a network of compromised devices that can be controlled remotely to carry out malicious activities, which includes the infected internal computers communicating with external IPs. Ransomware typically encrypts files and demands payment, polymorphic malware changes its code to avoid detection, and armored viruses are designed to resist analysis, so these three are less likely to cause this specific external communication issue.