nerdexam
EC-Council

312-50V10 · Question #586

A covert channel is a channel that

The correct answer is A. transfers information over, within a computer system, or network that is outside of the security. A covert channel is defined as a communication path that transfers information in a way that violates or circumvents the system's established security policy.

Information Security and Ethical Hacking Fundamentals

Question

A covert channel is a channel that

Options

  • Atransfers information over, within a computer system, or network that is outside of the security
  • Btransfers information over, within a computer system, or network that is within the security policy.
  • Ctransfers information via a communication path within a computer system, or network for transfer
  • Dtransfers information over, within a computer system, or network that is encrypted.

How the community answered

(27 responses)
  • A
    89% (24)
  • B
    7% (2)
  • C
    4% (1)

Why each option

A covert channel is defined as a communication path that transfers information in a way that violates or circumvents the system's established security policy.

Atransfers information over, within a computer system, or network that is outside of the securityCorrect

A covert channel exploits mechanisms not intended for communication - such as timing, resource usage, or storage - to transfer information outside of what the security policy permits. Because it operates outside policy controls, it bypasses mandatory access controls and audit mechanisms. NIST and classic security literature define covert channels specifically by their violation of the security policy, not merely by being hidden or encrypted.

Btransfers information over, within a computer system, or network that is within the security policy.

A channel that operates within the security policy is a legitimate, authorized communication path, which is the opposite of a covert channel.

Ctransfers information via a communication path within a computer system, or network for transfer

This option describes a generic communication path and omits the critical defining characteristic that the channel violates or is outside the security policy.

Dtransfers information over, within a computer system, or network that is encrypted.

Encryption alone does not define a covert channel; an encrypted channel can be fully authorized and within policy, while a covert channel may not use encryption at all.

Concept tested: Covert channel definition and security policy violation

Source: https://csrc.nist.gov/glossary/term/covert_channel

Topics

#covert channel#information security#security policy#data exfiltration

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice