nerdexam
EC-Council

312-50V10 · Question #646

Which definition among those given below best describes a covert channel?

The correct answer is B. Making use of a protocol in a way it is not intended to be used.. A covert channel is a communication mechanism that transfers information in ways not intended by the system's designers, typically by abusing legitimate protocols to bypass security controls.

Evading IDS, Firewalls, and Honeypots

Question

Which definition among those given below best describes a covert channel?

Options

  • AA server program using a port that is not well known.
  • BMaking use of a protocol in a way it is not intended to be used.
  • CIt is the multiplexing taking place on a communication link.
  • DIt is one of the weak channels used by WEP which makes it insecure.

How the community answered

(50 responses)
  • A
    2% (1)
  • B
    92% (46)
  • C
    2% (1)
  • D
    4% (2)

Why each option

A covert channel is a communication mechanism that transfers information in ways not intended by the system's designers, typically by abusing legitimate protocols to bypass security controls.

AA server program using a port that is not well known.

A server using a non-standard or unknown port is simply an uncommon service configuration and does not involve misusing a protocol's intended function to covertly transfer information.

BMaking use of a protocol in a way it is not intended to be used.Correct

A covert channel is technically defined as using a protocol or communication mechanism in an unintended manner to secretly transfer information, such as encoding data inside ICMP echo requests or DNS queries to exfiltrate data past firewalls. This misuse of legitimate protocols violates the security policy of the system without using any officially sanctioned communication path.

CIt is the multiplexing taking place on a communication link.

Multiplexing is a standard, intentional technique for sharing bandwidth across multiple signals on a communication link and has no relation to covert information transfer.

DIt is one of the weak channels used by WEP which makes it insecure.

WEP's insecurity is caused by weak initialization vectors and flawed RC4 key scheduling, not by any concept related to covert channels.

Concept tested: Covert channel definition and protocol misuse

Source: https://csrc.nist.gov/glossary/term/covert_channel

Topics

#covert channel#protocol misuse#tunneling#evasion

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice