
312-50V13 Question #570: Real Exam Question with Answer & Explanation


Submitted by manish99 · Mar 6, 2026 · System Hacking

Question

A network administrator discovers several unknown files in the root directory of his Linux FTP server. One of the files is a tarball, two are shell script files, and the third is a binary file named "nc." The FTP server's access logs show that the anonymous user account logged in to the server, uploaded the files, extracted the contents of the tarball, and ran the script using a function provided by the FTP server's software. The "ps" command shows that the "nc" file is running as a process, and the netstat command shows that the "nc" process is listening on a network port. What kind of vulnerability must be present to make this remote attack possible?

Options

  • A. File system permissions
  • B. Privilege escalation
  • C. Directory traversal
  • D. Brute force login

Explanation


File system permissions (A) is correct because the anonymous FTP user - which should have extremely restricted access - was able to upload files to the root directory, extract archives, and execute scripts and binaries. This is only possible if the FTP server's file system permissions were misconfigured, allowing an unprivileged anonymous account to write to and execute files in a sensitive directory. A properly secured FTP server would restrict anonymous users to read-only access in a designated, isolated directory.

Privilege escalation (B) is incorrect because that would involve a user gaining higher privileges after already having access - here, the core problem is that the anonymous account had excessive permissions from the start, not that it escalated to gain them. Directory traversal (C) is wrong because that attack involves navigating outside permitted directories using path manipulation (e.g., ../), which is not described here. Brute force login (D) is irrelevant because anonymous login requires no password to crack - the attacker simply logged in as intended.

🧠 Memory Tip: Think "anonymous + upload + execute = permissions problem." Whenever an account that should be restricted can do things it shouldn't, ask yourself who allowed that - the answer is always misconfigured permissions.
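
An added example, not part of the original page: a Python audit of an anonymous FTP root that flags the condition the explanation describes, namely directories writable beyond their owner and files carrying an execute bit. The function names, the `ftp_uid` parameter and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
LOOSE_WRITE = stat.S_IWGRP | stat.S_IWOTH

def audit_anon_root(root, ftp_uid=None):
    """Return sorted (finding, relative_path) pairs for an anonymous FTP root.

    ftp_uid is the uid the FTP daemon uses for anonymous sessions (assumed
    to be known to the caller); a directory it owns is under its control.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # symlinks are not followed
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            rel = os.path.relpath(path, root)
            if stat.S_ISDIR(st.st_mode):
                if st.st_mode & LOOSE_WRITE:
                    findings.append(("writable-dir", rel))
                if ftp_uid is not None and st.st_uid == ftp_uid:
                    findings.append(("dir-owned-by-ftp-user", rel))
            elif stat.S_ISREG(st.st_mode) and st.st_mode & EXEC_BITS:
                findings.append(("executable-file", rel))
    return sorted(findings)

def build_demo_tree(base):
    """Constructed sample tree: a read-only pub/ and a wide-open incoming/."""
    layout = {"pub": 0o755, "incoming": 0o777}
    files = {"pub/readme.txt": 0o644, "incoming/nc": 0o755, "incoming/run.sh": 0o755}
    for name, mode in layout.items():
        os.mkdir(os.path.join(base, name))
        os.chmod(os.path.join(base, name), mode)  # chmod so the umask is ignored
    for name, mode in files.items():
        path = os.path.join(base, *name.split("/"))
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo_tree(demo)
        for finding, rel in audit_anon_root(demo):
            print(f"{finding:22} {rel}")
```

An empty result on the real anonymous root matches the read-only, isolated layout the explanation calls for; any `writable-dir` or `executable-file` finding marks a path to tighten.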

Topics

#File permissions #FTP security #Remote code execution #System misconfiguration
