CompTIA Security+ (SY0-501) — Question 562

An incident response analyst in a corporate security operations center receives a phone call from an SOC analyst. The SOC analyst explains the help desk recently reimaged a workstation that was suspected of being infected with an unknown type of malware; however, even after reimaging, the host continued to generate SIEM alerts. Which of the following types of malware is MOST likely responsible for producing the SIEM alerts?

Answer options

Correct answer: C

Explanation

A rootkit is the best fit. Rootkits are built to hide their presence from the operating system and from security tooling, and variants that live below the OS (in BIOS/UEFI firmware or the boot sector) survive a reimage of the OS volume, so the rebuilt host keeps raising the same SIEM alerts. Ransomware and adware run inside the OS and are wiped along with it, and while a logic bomb can trigger actions when a condition is met, it offers neither the stealth nor the below-the-OS persistence that explains alerts continuing after a rebuild. In practice, before concluding firmware-level persistence, confirm that the image used for the rebuild is itself clean and that the host was not simply reinfected over the network after it came back online.
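The pattern in the scenario (a host that keeps alerting after the help desk rebuilt it) is something the SOC can look for systematically rather than by chance phone call. The following added example, which is not part of the original question or its explanation, correlates constructed help-desk reimage records with constructed SIEM alert lines and flags hosts whose malicious-rule alerts continue after their reimage completed. The log formats, field names, rule names and hostnames are all assumptions made for illustration and do not correspond to any particular SIEM or ticketing product.

```python
"""Correlate help-desk reimage records with SIEM alerts to find hosts whose
alerts continue after a rebuild. Added illustrative example; the record
formats, field names and rule names below are constructed, not taken from
any real product."""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed help-desk records: hostname and when the reimage finished.
REIMAGE_RECORDS = [
    "2024-03-04T09:15:00Z host=WS-1042 action=reimage_complete ticket=HD-7731",
    "2024-03-04T11:40:00Z host=WS-0210 action=reimage_complete ticket=HD-7735",
]

# Constructed SIEM alerts: timestamp, host, rule, severity.
SIEM_ALERTS = [
    "2024-03-03T22:05:11Z host=WS-1042 rule=beacon_to_known_c2 sev=high",
    "2024-03-04T02:17:43Z host=WS-1042 rule=suspicious_driver_load sev=high",
    "2024-03-04T09:58:02Z host=WS-1042 rule=beacon_to_known_c2 sev=high",
    "2024-03-04T13:21:30Z host=WS-1042 rule=suspicious_driver_load sev=high",
    "2024-03-04T08:30:00Z host=WS-0210 rule=adware_popup sev=low",
    "2024-03-04T15:00:00Z host=WS-0210 rule=windows_update_install sev=info",
]

# Rules a freshly imaged host should never fire. Anything else (patching
# noise, informational events) is ignored when judging persistence.
MALICIOUS_RULES = {"beacon_to_known_c2", "suspicious_driver_load", "adware_popup"}


def parse_line(line):
    """Split 'TIMESTAMP key=value key=value ...' into (aware datetime, dict)."""
    ts_text, *fields = line.split()
    ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, dict(f.split("=", 1) for f in fields)


def reimage_times(records):
    """Latest reimage completion time per host (a host may be rebuilt twice)."""
    latest = {}
    for line in records:
        ts, kv = parse_line(line)
        if kv.get("action") == "reimage_complete":
            host = kv["host"]
            if host not in latest or ts > latest[host]:
                latest[host] = ts
    return latest


def persisting_hosts(records, alerts, malicious_rules=MALICIOUS_RULES):
    """Return {host: {"before": n, "after": n, "rules_after": [...]}} for every
    reimaged host that raised malicious-rule alerts after its rebuild."""
    reimaged = reimage_times(records)
    stats = defaultdict(lambda: {"before": 0, "after": 0, "rules_after": set()})
    for line in alerts:
        ts, kv = parse_line(line)
        host, rule = kv["host"], kv["rule"]
        if host not in reimaged or rule not in malicious_rules:
            continue
        if ts > reimaged[host]:
            stats[host]["after"] += 1
            stats[host]["rules_after"].add(rule)
        else:
            stats[host]["before"] += 1
    return {
        h: {"before": s["before"], "after": s["after"],
            "rules_after": sorted(s["rules_after"])}
        for h, s in stats.items() if s["after"] > 0
    }


if __name__ == "__main__":
    for host, s in persisting_hosts(REIMAGE_RECORDS, SIEM_ALERTS).items():
        print(f"{host}: {s['after']} malicious alerts after reimage "
              f"({s['before']} before); rules: {', '.join(s['rules_after'])}; "
              "suspect persistence below the OS (firmware or boot-level rootkit), "
              "or a dirty image or network reinfection")
```

On the constructed data only WS-1042 is reported: its C2 beacon and driver-load alerts resume within an hour of the rebuild, while WS-0210's only post-reimage event is patching noise. A finding like this is the trigger to pull the host offline, verify the golden image, and inspect firmware and boot components rather than reimage a third time.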