CAS-002 Question #329: Real Exam Question with Answer & Explanation
The correct answer is B: Steganography. The Zeus variant used steganography to hide its malicious configuration data inside files that appeared normal, so signature-based NIPS and AV inspection saw only benign-looking carrier files and did not detect them.
Question
A security engineer at a bank has detected a Zeus variant, which relies on covert communication channels to receive new instructions and updates from the malware developers. As a result, NIPS and AV systems did not detect the configuration files received by staff in emails that appeared as normal files. Which of the following BEST describes the technique used by the malware developers?
Options
- A. Perfect forward secrecy
- B. Steganography
- C. Diffusion
- D. Confusion
- E. Transport encryption
Explanation
The question describes a covert channel: instructions and updates reach the malware inside email attachments that look like ordinary files. Embedding configuration data in an innocuous carrier file is steganography. Because the carrier file itself is benign and carries no known signature, signature-based NIPS and AV inspect it and pass it through, which is exactly why the configuration files were not detected.
Common mistakes.
- A. Perfect forward secrecy is a cryptographic key exchange property that protects past session keys if long-term keys are compromised, and has no function in concealing data inside normal-looking files.
- C. Diffusion is a cryptographic design principle that disperses the influence of plaintext bits across ciphertext, not a method for embedding hidden instructions inside carrier files.
- D. Confusion is a cryptographic principle that obscures the statistical relationship between a key and ciphertext, and does not describe hiding malicious payloads within ordinary files.
- E. Transport encryption protects data in transit over a network but would not cause malicious files to appear as normal, legitimate attachments to host-based AV or inline NIPS inspection.
Concept tested. Steganography as a covert malware communication channel
Reference. https://www.nist.gov/publications/guide-integrating-forensic-techniques-incident-response