SY0-501 · Question #413
SY0-501 Question #413: Real Exam Question with Answer & Explanation
The correct answer is A: RAT. The detection of a new listening port in a listening state after running a suspicious application is a classic indicator of malware designed for remote access.
Question
A user downloads and installs an MP3 converter, and runs the application. Upon running the application, the antivirus detects a new port in a listening state. Which of the following has the user MOST likely executed?
Options
- ARAT
- BWorm
- CRansomware
- DBot
Explanation
The detection of a new listening port in a listening state after running a suspicious application is a classic indicator of malware designed for remote access.
Common mistakes.
- B. Worms are primarily characterized by their ability to self-replicate and spread autonomously across networks, not by opening listening ports for direct remote control by an attacker.
- C. Ransomware's primary function is to encrypt a victim's files and demand a ransom for their decryption, rather than to establish a listening port for remote administrative access.
- D. While a bot allows remote control as part of a botnet, it typically initiates outbound connections to its command and control server rather than opening a listening port for arbitrary inbound connections from an attacker.
Concept tested. Malware types and characteristics
Reference. https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/trojans
Community Discussion
No community discussion yet for this question.