CompTIA Security+ (SY0-601) — Question 410

A large financial services firm recently released information regarding a security breach within its corporate network that began several years before. During the time frame in which the breach occurred, indicators show an attacker gained administrative access to the network through a file downloaded from a social media site and subsequently installed it without the user's knowledge. Since the compromise, the attacker was able to take command and control of the computer systems anonymously while obtaining sensitive corporate and personal employee information. Which of the following methods did the attacker most likely use to gain access?

Answer options

• A. A bot
• B. A fileless virus
• C. A logic bomb
• D. A RAT

Correct answer: D

Explanation

The attacker likely used a RAT (Remote Access Trojan) to establish control over the computer systems, allowing for anonymous command and control while accessing sensitive information. A bot typically refers to automated tasks, a fileless virus operates without traditional files, and a logic bomb triggers under specific conditions, none of which align as closely with the scenario described.