CompTIA Security+ (SY0-501) — Question 641
A security administrator is investigating a possible account compromise. The administrator logs onto a desktop computer, executes the command notepad.exe c:\Temp\qkakforlkgfkja.1og, and reviews the following:
Lee,\rI have completed the task that was assigned to me\rrespectfully\rJohn\r https://www.portal.com\rjohnuser\rilovemycat2
Given the above output, which of the following is the MOST likely cause of this compromise?
Answer options
- A. Virus
- B. Worm
- C. Rootkit
- D. Keylogger
Correct answer: D
Explanation
The correct answer is D. The file reads as a sequence of typed input: a message, then a URL, then 'johnuser' and 'ilovemycat2'. The presence of those last two strings suggests that a keylogger has captured sensitive information, including a username and password. Options A, B, and C do not specifically involve collecting keystrokes or user credentials, which is a primary function of a keylogger.