SY0-301 · Question #304
During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Usi
The correct answer is D. Rootkit. A rootkit is malware designed to hide its own presence and the presence of other malicious processes from standard OS-level tools, which is why the local administrator saw nothing abnormal. Rootkits hook into the operating system to conceal files, network connections, and running
Question
During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also notices hidden processes running. Which of the following has MOST likely been installed on the server?
Options
- ASPIM
- BBackdoor
- CLogic bomb
- DRootkit
How the community answered
(26 responses)- A8% (2)
- B4% (1)
- C15% (4)
- D73% (19)
Explanation
A rootkit is malware designed to hide its own presence and the presence of other malicious processes from standard OS-level tools, which is why the local administrator saw nothing abnormal. Rootkits hook into the operating system to conceal files, network connections, and running processes. The hidden processes and unauthorized external connections are classic rootkit indicators. SPIM (A) is spam over instant messaging - unrelated. A backdoor (B) provides unauthorized remote access but does not specifically hide processes from the local admin. A logic bomb (C) triggers a payload based on a condition but does not provide the stealth or remote-access features described. Only a rootkit explains both the hidden processes and the evasion of the local audit.
Topics
Community Discussion
No community discussion yet for this question.