PrepAway - Latest Free Exam Questions & Answers

Which of the following is the MOST likely reason for the incident?

A network administrator identifies sensitive files being transferred from a workstation in the LAN to
an unauthorized outside IP address in a foreign country. An investigation determines that the
firewall has not been altered, and antivirus is up-to-date on the workstation. Which of the following
is the MOST likely reason for the incident?

A. MAC Spoofing

B. Session Hijacking

C. Impersonation

D. Zero-day

Explanation:
The question states that antivirus is up-to-date on the workstation and that the firewall has not been
altered. Up-to-date antivirus software covers only "known" viruses. A zero-day vulnerability is an
unknown vulnerability, so no patch or virus definition has been released for it yet.

A zero-day vulnerability is a hole in software that is unknown to the vendor. Hackers exploit this
security hole before the vendor becomes aware of it and hurries to fix it; this exploit is called a
zero-day attack. Uses of zero-day attacks can include infiltrating malware or spyware, or allowing
unwanted access to user information. The term "zero day" refers to the unknown nature of the hole
to those outside of the hackers, specifically the developers. Once the vulnerability becomes known,
a race begins for the developer, who must protect users.

