CompTIA Security+ (SY0-501) — Question 694

While checking logs, a security engineer notices a number of end users suddenly downloading files with the .tar.gz extension. Closer examination of the files reveals they are PE32 files. The end users state they did not initiate any of the downloads. Further investigation reveals the end users all clicked on an external email containing an infected MHT file with an href link a week prior. Which of the following is MOST likely occurring?

Answer options

• A. A RAT was installed and is transferring additional exploit tools.
• B. The workstations are beaconing to a command-and-control server.
• C. A logic bomb was executed and is responsible for the data transfers.
• D. A fireless virus is spreading in the local network environment.

Correct answer: A

Explanation

A Remote Access Trojan (RAT) is likely responsible for the unauthorized downloads, as it can stealthily initiate file transfers without user consent. The other options do not align as closely with the symptoms observed, such as the specific file types and the user reports of inaction related to the downloads.