nerdexam
CompTIA

SY0-301 · Question #334

Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. Which of the following is this an example of? (Select TWO).

The correct answer is B. Logic Bomb D. Backdoor. Installing code that automatically reactivates a disabled account is both a logic bomb (triggered by a timed condition) and a backdoor (providing unauthorized re-entry).

Threats, vulnerabilities, and mitigations

Question

Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. Which of the following is this an example of? (Select TWO).

Options

  • ARootkit
  • BLogic Bomb
  • CBotnet
  • DBackdoor
  • ESpyware

How the community answered

(62 responses)
  • A
    2% (1)
  • B
    92% (57)
  • C
    2% (1)
  • E
    5% (3)

Why each option

Installing code that automatically reactivates a disabled account is both a logic bomb (triggered by a timed condition) and a backdoor (providing unauthorized re-entry).

ARootkit

A rootkit is malware that hides its presence and grants privileged access at the OS level; this scenario involves a timed trigger, not stealth at the kernel level.

BLogic BombCorrect

A logic bomb is malicious code that lies dormant until a specific condition is met - in this case, the condition is a one-week timer after account disablement, at which point the code executes and reactivates the account.

CBotnet

A botnet is a network of compromised machines controlled by an attacker for coordinated tasks such as DDoS attacks, which is unrelated to account reactivation.

DBackdoorCorrect

A backdoor is any method that allows unauthorized access to a system bypassing normal authentication; reactivating a disabled account gives the developer a covert re-entry path that circumvents the access controls that were intentionally enforced.

ESpyware

Spyware covertly collects user information and transmits it to a third party; it does not reactivate accounts or provide unauthorized access.

Concept tested: Logic bomb and backdoor malware identification

Source: https://csrc.nist.gov/glossary/term/logic_bomb

Topics

#logic bomb#backdoor#malware#insider threat

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice