CompTIA Security+ (SY0-501) — Question 494

A security administrator is analyzing a user report in which the computer exhibits odd network-related outages. The administrator, however, does not see any suspicious processes running. A prior technician's notes indicate the machine has been remediated twice, but the system still exhibits odd behavior. Files were deleted from the system recently.
Which of the following is the MOST likely cause of this behavior?

Answer options

• A. Crypto-malware
• B. Rootkit
• C. Logic bomb
• D. Session hijacking

Correct answer: B

Explanation

The most likely cause of the behavior is a Rootkit, as it can hide its presence and manipulate the system, leading to persistent issues even after remediation attempts. Crypto-malware typically encrypts files for ransom, while a logic bomb activates under specific conditions, and session hijacking involves taking over a user's session, none of which directly explain the ongoing network problems.