CompTIA Security+ (SY0-601) — Question 729
An analyst is reviewing logs associated with an attack. The logs indicate an attacker downloaded a malicious file that was quarantined by the AV solution. The attacker utilized a local non-administrative account to restore the malicious file to a new location. The file was then used by another process to execute a payload.
Which of the following attacks did the analyst observe?
Answer options
- A. Privilege escalation
- B. Request forgeries
- C. Injection
- D. Replay attack
Correct answer: C
Explanation
The correct answer is C, Injection: the attacker used the restored malicious file to execute a payload, which is indicative of a code injection attack. Privilege escalation (A) would involve gaining higher access rights, which is not the primary focus here. Request forgeries (B) and replay attacks (D) do not apply because they rely on different attack mechanisms that are not shown in this scenario.