312-50V13 · Question #155
In Trojan terminology, what is a covert channel?
The correct answer is A. A channel that transfers information within a computer system or network in a way that violates. A covert channel is a method of transferring information in a way that is hidden or not intended by the system's design, often violating security policies.
Question
Exhibit
Options
- AA channel that transfers information within a computer system or network in a way that violates
- BA legitimate communication path within a computer system or network for transfer of data
- CIt is a kernel operation that hides boot processes and services to mask detection
- DIt is Reverse tunneling technique that uses HTTPS protocol instead of HTTP protocol to establish
How the community answered
(41 responses)- A90% (37)
- B2% (1)
- C5% (2)
- D2% (1)
Why each option
A covert channel is a method of transferring information in a way that is hidden or not intended by the system's design, often violating security policies.
A covert channel is a communication path that is not designed for information transfer but can be exploited by malicious software, such as Trojans, to secretly transmit data in violation of a system's security policy. This often involves using legitimate system resources in an unconventional manner.
A legitimate communication path is an overt channel, designed for communication, which is the antithesis of a covert channel.
While rootkits might utilize covert channels, 'a kernel operation that hides boot processes and services' describes a rootkit's specific functionality for evasion, not the general definition of a covert channel.
Reverse tunneling using HTTPS is a specific technique for creating a communication link, which *could* be used to establish a covert channel, but it is not the definition of a covert channel itself.
Concept tested: Covert channels (Trojan context)
Source: https://learn.microsoft.com/en-us/security/compass/data-exfiltration#covert-channels
Topics
Community Discussion
No community discussion yet for this question.
