CompTIA Security+ (SY0-601) — Question 303
A user reset the password for a laptop but has been unable to log in to it since then. In addition, several unauthorized emails were sent on the user’s behalf recently. The security team investigates the issue and identifies the following findings:
• Firewall logs show excessive traffic from the laptop to an external site.
• Unknown processes were running on the laptop.
• RDP connections that appeared to be authorized were made to other network devices from the laptop.
• High bandwidth utilization alerts from that user's username.
Which of the following is most likely installed on the laptop?
Answer options
- A. Worm
- B. Keylogger
- C. Trojan
- D. Logic bomb
Correct answer: C
Explanation
The presence of excessive traffic, unknown processes, and RDP connections that appeared to be authorized suggests that a Trojan is likely installed, since Trojans can provide remote access and control to attackers. Worms generally spread independently, keyloggers record keystrokes without directly affecting system performance, and logic bombs trigger under specific conditions; none of these match the described symptoms.