During a routine configuration audit, a systems administrator determines that a former employee placed
an executable on an application server. Once the system was isolated and diagnosed, it was determined
that the executable was programmed to establish a connection to a malicious command and control
server. Which of the following forms of malware is best described in the scenario?

A. Logic bomb
B. Rootkit
C. Back door
D. Ransomware

“A common means by which attackers bypass firewalls is via the so-called “connect-back” technique. Attackers use backdoors to connect victims’ systems to their C&C server and vice versa via ports that are not blocked by corporate firewalls. This allows them to remain undetected in target networks.
In order to bypass corporate firewalls, attackers must deliver a backdoor to their target network so they can connect systems to their C&C server and vice versa. This requires bypassing other protection means such as anti-malware solutions. Attackers often use emails to deliver backdoors to targets. It is also common for attackers to compromise and use servers with public IP addresses as C&C servers to better hide their tracks.”
https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-backdoor-use-in-targeted-attacks.pdf
So the correct answer is: C
I chose C thinking that a back door will be established to do damage