CompTIA Security Plus Mock Test Q714

A network administrator identifies sensitive files being transferred from a workstation in the LAN to an unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not been altered, and antivirus is up-to-date on the workstation. Which of the following is the MOST likely reason for the incident?

A. MAC Spoofing
B. Session Hijacking
C. Impersonation
D. Zero-day


Correct Answer: D
Section: Threats and Vulnerabilities

Explanation:
This question states that antivirus is up to date on the workstation and the firewall has not been altered. The antivirus software is up to date with all 'known' viruses, and the firewall is still enforcing its existing rules. A zero-day vulnerability is an unknown vulnerability, so no patch or virus definition has been released for it yet; neither control would catch an exploit that is not yet known, which makes a zero-day the most likely cause.

A zero-day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware of it and hurries to fix it; this exploit is called a zero-day attack. Uses of zero-day attacks can include infiltrating malware or spyware, or allowing unwanted access to user information. The term "zero day" refers to the fact that the hole is unknown to everyone outside of the hackers, specifically the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.

Incorrect Answers:
A: This is not an example of MAC spoofing. MAC spoofing can be used to 'redirect' traffic to a different host. However, in this question the data is being sent to another country, so the traffic will be going through several routers. MAC spoofing only works when the attacking host is on the same broadcast domain as the intended destination host.
B: Session hijacking, also known as TCP session hijacking, is a method of taking over a web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user's session ID has been obtained (for example, through session prediction), the attacker can masquerade as that user and do anything the user is authorized to do on the network. In this question, the data is being transferred from a workstation, not a web server, so this is not an example of session hijacking.
C: Impersonation is where a person, computer, software application or service pretends to be someone or something it is not. It is unlikely that a person in a foreign country is accessing the data by impersonating someone.

References:
http://www.pctools.com/security-news/zero-day-vulnerability/