Question 53 of 730 from exam SY0-601: CompTIA Security+

Prev Question Next Question

Question

A security administrator has found a hash in the environment known to belong to malware.

The administrator then finds this file to be in in the preupdate area of the OS, which indicates it was pushed from the central patch system.

File: winx86_adobe_flash_upgrade.exe Hash: 99ac28bede43ab869b853ba62c4ea243 The administrator pulls a report from the patch management system with the following output:

Install Date Package Name Target Devices Hash
10/10/2017 java_11.2_x64.exe HQ PC's Olab28bbde63aa879b35bba62cdes283
10/10/2017 winx®6_adobe_flash_upgrade.exe HQ PC's 99ac2Bbede43ab869b853ba62c4e0243

Given the above outputs, which of the following MOST likely happened?

Answers

A. The file was corrupted after it left the patch system.

B. The file was infected when the patch manager downloaded it.

C. The file was not approved in the application whitelist system.

D. The file was embedded with a logic bomb to evade detection.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Prev Question Next Question