Question

A network administrator identifies sensitive files being transferred from a workstation in the LAN to an unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not been altered, and antivirus is up-to-date on the workstation. Which of the following is the MOST likely reason for the incident?
A. MAC Spoofing
B. Session Hijacking
C. Impersonation
D. Zero-day

Answer 1

Answer:

D. Zero-day

Explanation:

It is clearly stated that the antivirus is still up-to-date on the workstation, and there has been no alterations to the firewall. Hence, this means the software is functional and up-to-date with all known viruses. This shows that this attack is unknown to the manufacturer of the antivirus software and hence no virus definition or patch fixing this problem has been developed yet. In this light, it is a zero-day.

A zero-day is a type of vulnerability in a software that is not yet known to the vendor or manufacturer, hence this security hole makes the software vulnerable to attackers or hacker before it is been fixed.