PrepAway - Latest Free Exam Questions & Answers

Which of the following is the MOST likely cause?

An administrator is assigned to monitor servers in a data center. A web server connected to the Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely cause?

A. Spyware

B. Trojan

C. Privilege escalation

D. DoS

Explanation:
A Distributed Denial of Service (DDoS) attack is a DoS attack from multiple computers, whereas a DoS attack is from a single computer. In terms of the actual method of attack, DDoS and DoS attacks are the same.

One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted.

The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. The end result can be a website that is completely crashed for periods of time.

Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware, and no further interaction was necessary to launch the attack.
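
When triaging a load spike like the one in the question, the single-source versus multi-source distinction described above can be checked from the web server's access log. The following Python sketch is an added example, not part of the original page; the log format, the thresholds, and the sample lines (built from documentation IP ranges) are assumptions.

```python
import re
from collections import Counter, defaultdict

# Assumed format: common-log-style lines, "IP - - [timestamp] "request" ..."
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def per_second_sources(lines):
    """Map each timestamp (1-second resolution) to a Counter of source IPs."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # skip malformed lines rather than crash mid-investigation
            buckets[m.group(2)][m.group(1)] += 1
    return buckets

def classify(lines, rate_threshold=100, dominant_share=0.8):
    """Label each second as normal, single-source flood or distributed flood.
    Both thresholds are assumptions; tune them to the server's own baseline."""
    result = {}
    for ts, sources in per_second_sources(lines).items():
        total = sum(sources.values())
        if total < rate_threshold:
            result[ts] = "normal"
            continue
        top_ip, top_count = sources.most_common(1)[0]
        if top_count / total >= dominant_share:
            result[ts] = f"single-source flood ({top_ip})"
        else:
            result[ts] = f"distributed flood ({len(sources)} sources)"
    return result

def sample_log():
    """Constructed log lines using RFC 5737 documentation addresses."""
    fmt = '{ip} - - [{ts}] "GET / HTTP/1.1" 200 512'
    t0 = "01/Jan/2024:10:00:00 +0000"
    t1 = "01/Jan/2024:10:00:01 +0000"
    t2 = "01/Jan/2024:10:00:02 +0000"
    lines = [fmt.format(ip=f"192.0.2.{i}", ts=t0) for i in range(1, 6)]  # baseline
    lines += [fmt.format(ip="198.51.100.7", ts=t1)] * 300               # one host
    lines += [fmt.format(ip=f"203.0.113.{i % 200 + 1}", ts=t2)
              for i in range(400)]                                      # 200 hosts
    lines.append("garbage line")                                        # malformed
    return lines

if __name__ == "__main__":
    for ts, label in sorted(classify(sample_log()).items()):
        print(ts, label)
```

A single dominant source can be rate-limited or blocked at the edge, while a distributed pattern generally calls for upstream filtering, which matches the page's point that multiple attack machines are harder to turn off.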
Incorrect Answers:
A: Spyware is software that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the consumer’s consent, or that asserts control over a computer without the consumer’s knowledge. “Spyware” is mostly classified into four types: system monitors, trojans, adware, and tracking cookies. Spyware is mostly used for the purposes of tracking and storing Internet users’ movements on the Web and serving up pop-up ads to Internet users. Whenever spyware is used for malicious purposes, its presence is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computer intentionally in order to monitor users. It’s more likely that a DoS attack would cause a spike in CPU activity. Therefore, this answer is incorrect.

B: A Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. In one celebrated case, a Trojan horse was a program that was supposed to find and destroy computer viruses. A Trojan horse may be widely redistributed as part of a computer virus. It’s more likely that a DoS attack would cause a spike in CPU activity. Therefore, this answer is incorrect.

C: Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. Privilege escalation would not cause a spike in CPU activity. Therefore, this answer is incorrect.


