CompTIA Security+ (SY0-701) — Question 588

A security team receives reports about high latency and complete network unavailability throughout most of the office building. Flow logs from the campus switches show high traffic on TCP 445. Which of the following is most likely the root cause of this incident?

Answer options

• A. Buffer overflow
• B. NTP amplification attack
• C. Worm
• D. DoS attack

Correct answer: C

Explanation

The correct answer is C, as TCP 445 is commonly associated with Windows file sharing and is often exploited by worms that spread across networks. Options A and D are less likely in this scenario because they do not specifically relate to the high traffic on TCP 445, while option B refers to NTP amplification attacks, which typically use UDP, not TCP.