nerdexam
CompTIA

SY0-301 · Question #304

During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Usi

The correct answer is D. Rootkit. A rootkit is malware designed to hide its own presence and the presence of other malicious processes from standard OS-level tools, which is why the local administrator saw nothing abnormal. Rootkits hook into the operating system to conceal files, network connections, and running

Threats, vulnerabilities, and mitigations

Question

During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also notices hidden processes running. Which of the following has MOST likely been installed on the server?

Options

  • ASPIM
  • BBackdoor
  • CLogic bomb
  • DRootkit

How the community answered

(26 responses)
  • A
    8% (2)
  • B
    4% (1)
  • C
    15% (4)
  • D
    73% (19)

Explanation

A rootkit is malware designed to hide its own presence and the presence of other malicious processes from standard OS-level tools, which is why the local administrator saw nothing abnormal. Rootkits hook into the operating system to conceal files, network connections, and running processes. The hidden processes and unauthorized external connections are classic rootkit indicators. SPIM (A) is spam over instant messaging - unrelated. A backdoor (B) provides unauthorized remote access but does not specifically hide processes from the local admin. A logic bomb (C) triggers a payload based on a condition but does not provide the stealth or remote-access features described. Only a rootkit explains both the hidden processes and the evasion of the local audit.

Topics

#rootkit#malware#hidden processes#network anomaly

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice