GCIH Question #353: Real Exam Question with Answer & Explanation
The correct answer is B: VNC.
Question
Options
- A. Back Orifice
- B. VNC
- C. Sub7
- D. Netbus
- E. Hack-a-tack
Explanation
VNC (Virtual Network Computing) is a legitimate remote desktop sharing protocol that by default listens on TCP port 5900. While designed for authorized remote administration, VNC is frequently abused as an application-level backdoor - attackers install it covertly on compromised systems to maintain persistent, graphical remote access. Because it is a real, signed application, it often evades detection better than purpose-built malware. The other options are all dedicated malicious remote access trojans (RATs) with different default ports: Back Orifice used UDP 31337/31338, Netbus used TCP 12345/12346, and Sub7 typically used TCP 27374. Hack-a-tack is another legacy RAT. None of the others are associated with port 5900.