CompTIA Security+ (SY0-601) — Question 647

A user downloaded software from an online forum. After the user installed the software, the security team observed external network traffic connecting to the user's computer on an uncommon port. Which of the following is the most likely explanation of this unauthorized connection?

Answer options

• A. The software had a hidden keylogger.
• B. The software was ransomware.
• C. The user’s computer had a fileless virus.
• D. The software contained a backdoor.

Correct answer: D

Explanation

The correct answer is D because a backdoor allows unauthorized access to the system, which can explain the unusual network traffic. Options A and C are plausible threats, but they do not specifically account for the observed network behavior as effectively as a backdoor. Option B, while a serious threat, typically does not manifest as external traffic on uncommon ports like a backdoor would.