Exam SY0-701 topic 1 question 208 discussion

A is correct. Memory injection allows the attackers to inject malicious code directly into the memory of a running process which can then be used to execute arbitrary commands or generate unauthorized network traffic. Race Condition refers to two processes competing to modify the same resource which can lead to unpredictable behavior but is less likely to cause abnormal outbound traffic. Side Loading refers to loading a malicious DLL into a legitimate process. SQL injection involves injecting malicious SQL code into a database and is primarily concerned with database manipulation rather than generating outbound network traffic.

Side loading would make sense if the question referenced changes made to the files the software uses to run. That's my understanding of the difference between side loading and memory injection. For it to be side loading, an attacker would have to place a malicious file in storage that that the software unintentionally loads and runs code off of.

The abnormal behavior—unexpected outbound traffic over random high ports—suggests that malicious code has been injected into the application's memory. Memory injection attacks allow an attacker to execute arbitrary code within the memory space of a legitimate process, often leading to unauthorized network activity, data exfiltration, or the deployment of additional malware.

The correct answer is: C. Side loading Explanation: Side loading involves the unauthorized loading or execution of malicious code alongside legitimate software. In this scenario: The software is behaving abnormally and generating unexpected outbound traffic, which suggests it may have been compromised to execute additional, malicious code. Random high-port outbound traffic is a common indicator of malware or other unauthorized processes attempting to exfiltrate data or communicate with a command-and-control (C2) server.

A. Memory injection Memory injection vulnerabilities allow an attacker to manipulate the memory of a running application. This can lead to malicious behavior, such as executing arbitrary code or altering the application's normal operation. In this scenario, the abnormal behavior (outbound traffic over random high ports) suggests that the software has been compromised to execute unauthorized operations, which is characteristic of a memory injection exploit.

The correct answer is C, side loading Side loading refers to a situation where software loads a malicious or unauthorized component or library (often from an untrusted source) instead of a legitimate one. In this case, the abnormal behavior (outbound traffic over random high ports) suggests that the application may have been compromised, and a malicious payload has been introduced, causing the software to behave unexpectedly. The random outbound traffic could indicate that the compromised software is now communicating with a command-and-control server or exfiltrating data.

A. Memory Injection