PrepAway - Latest Free Exam Questions & Answers

Which of the following is the MOST likely reason for th…

A network administrator identifies sensitive files being transferred from a workstation in the LAN to an
unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not been
altered, and antivirus is up-to-date on the workstation. Which of the following is the MOST likely reason for the
incident?

A. MAC Spoofing

B. Session Hijacking

C. Impersonation

D. Zero-day

Explanation:
The question states that antivirus is up-to-date on the workstation and that the firewall has not been altered. Up-to-date antivirus software only covers ‘known’ viruses. A zero-day vulnerability is an unknown vulnerability, so a patch or virus definition has not been released yet.
A zero-day vulnerability is a hole in software that is unknown to the vendor. Hackers exploit this security hole before the vendor becomes aware of it and hurries to fix it; this exploit is called a zero-day attack. Zero-day attacks can be used to infiltrate malware or spyware, or to allow unwanted access to user information. The term “zero day” refers to the fact that the hole is unknown to everyone other than the hackers, specifically the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.

