CompTIA Security+ (SY0-701) — Question 288

A user downloaded software from an online forum. After the user installed the software, the security team observed external network traffic connecting to the user's computer on an uncommon port. Which of the following is the most likely explanation of this unauthorized connection?

Answer options

• A. The software had a hidden keylogger.
• B. The software was ransomware.
• C. The user's computer had a fileless virus.
• D. The software contained a backdoor.

Correct answer: D

Explanation

The most likely explanation for the unauthorized connection is that the software contained a backdoor, allowing external access to the system. A keylogger or ransomware would typically have different behavioral patterns; keyloggers focus on capturing keystrokes while ransomware encrypts files. A fileless virus usually operates within memory without creating traditional files, making it less likely to cause such specific external traffic.