SY0-501 Question #543: Real Exam Question with Answer & Explanation

Question

A user receives an email from ISP indicating malicious traffic coming from the user's home network is detected. The traffic appears to be Linux-based, and it is targeting a website that was recently featured on the news as being taken offline by an Internet attack. The only Linux device on the network is a home surveillance camera system. Which of the following BEST describes what is happening?

Options

• AThe camera system is infected with a bot.
• BThe camera system is infected with a RAT.
• CThe camera system is infected with a Trojan.
• DThe camera system is infected with a backdoor.

Explanation

The scenario describes a compromised IoT device participating in a coordinated DDoS attack, which is the hallmark behavior of a botnet infection. The camera is acting as a 'bot' or 'zombie' under command of a botmaster.

Common mistakes.

• B. A Remote Access Trojan (RAT) is designed to give an attacker interactive remote control over a single device for espionage or data theft, not to coordinate large-scale outbound attacks against external websites.
• C. A Trojan disguises itself as legitimate software to gain initial access, but it is a delivery mechanism rather than a description of the ongoing malicious behavior (coordinated outbound DDoS traffic) observed here.
• D. A backdoor provides persistent covert access to a compromised system for an attacker, but it does not specifically explain the coordinated, outbound attack traffic targeting an external website that characterizes botnet activity.

Concept tested. Botnet infection and IoT device compromise

Reference. https://www.cisa.gov/news-events/news/understanding-denial-service-attacks

No community discussion yet for this question.