CompTIA Security+ (SY0-601) — Question 347

A security analyst is reviewing packet capture data from a compromised host on the network. In the packet capture, the analyst locates packets that contain large amounts of text. Which of the following is most likely installed on the compromised host?

Answer options

• A. Keylogger
• B. Spyware
• C. Trojan
• D. Ransomware

Correct answer: A

Explanation

The presence of large amounts of text in packet captures is indicative of a keylogger, which records keystrokes and transmits them. While spyware can also collect information, it typically does not focus on keylogging. Trojans and ransomware serve different purposes, such as giving unauthorized access or encrypting data, rather than capturing text.